INFRASTRUCTURE
AGENDA
[Figure: Trust between A and B]
Third Party Trust: a common trusted entity
[Figure: Trust links among A, B and the common trusted entity]
PKI: Trust from a Third Party
[Figure: Root CA with DCs beneath it]
Root CA
Signs all certificates
Publishes a self-signed certificate
The self-signed certificate is created with the Root CA's own private key to verify its own identity
Maintains a list of valid certificates issued by the CA
Maintains the Certificate Revocation List (CRL)
Limitation: if the private key is compromised, all DCs become worthless
Distributed Trust Model
[Figure: Root CA above two Intermediate CAs, with DCs beneath them]
[Figure labels: Digest, DS, Public Key, B]
Digital Certificate
Weakness of Digital Signature: Lack of Authentication
[Figure: A and B exchanging a DS; labels Private Key, Public Key, Common Place]
On receipt of a digitally signed message from A, B gets the public key of A from the central place to verify A's DS.
[Figure: A, B and C exchanging a DS; labels Private Key, Public Key, Common Place]
C generates his own key pair and puts the public key at the central place.
C creates a new message, digitally signs it with his private key, sends it to B and tells B that he is A.
On receipt, B verifies the DS with the public key of C.
B has no idea about the true identity of the sender because anyone can pretend to be A.
A digital signature by itself does not verify the identity of the sender and his public key.
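
The check B needs, as an added example that is not part of the original slides: a bare signature check accepts C's message, while a check that first verifies a CA-signed binding of name to public key rejects it. The toy RSA over fixed primes, the certificate layout and all function names are assumptions made for illustration and are not secure.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes: constructed for illustration, NOT secure.
def keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(name, pub):
    # Bytes the CA signs: the binding of a name to a public key (hypothetical layout).
    return f"{name}|{pub[0]}|{pub[1]}".encode()

def issue_cert(ca_priv, name, pub):
    return {"name": name, "pub": pub, "sig": sign(ca_priv, tbs(name, pub))}

def accept(ca_pub, cert, claimed, msg, sig):
    # B's check: name matches the claim, CA vouches for (name, key), key verifies the DS.
    return (cert["name"] == claimed
            and verify(ca_pub, tbs(cert["name"], cert["pub"]), cert["sig"])
            and verify(cert["pub"], msg, sig))

CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**521 - 1)
A_PUB, A_PRIV = keypair(2**89 - 1, 2**107 - 1)
C_PUB, C_PRIV = keypair(2**31 - 1, 2**61 - 1)

MSG = b"message claiming to come from A"  # constructed sample message
FORGED_SIG = sign(C_PRIV, MSG)            # C signs with his own key and says he is A

def bare_signature_check():
    # Central place without authentication: B uses the key the sender pointed to.
    directory = {"A": C_PUB}
    return verify(directory["A"], MSG, FORGED_SIG)

def certificate_check():
    real = issue_cert(CA_PRIV, "A", A_PUB)
    fake = issue_cert(C_PRIV, "A", C_PUB)  # binding signed by C, not by the CA
    return (accept(CA_PUB, real, "A", MSG, sign(A_PRIV, MSG)),  # genuine A
            accept(CA_PUB, real, "A", MSG, FORGED_SIG),         # C's DS, A's cert
            accept(CA_PUB, fake, "A", MSG, FORGED_SIG))         # C's DS, C's cert
```
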