Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations

Book Description

This book is a tutorial on, and a guide to the deployment of, Public-Key Infrastructures. It covers a broad range of material related to PKIs, including certification, operational considerations and standardization efforts, as well as deployment issues and considerations. Emphasis is placed on explaining the interrelated fields within the topic area, to assist those who will be responsible for making deployment decisions and architecting a PKI within an organization.

Table of Contents

  1. Copyright
  2. About the Authors
  3. Acknowledgments
  4. About the Technical Reviewers
  5. Feedback Information
  6. Foreword
  7. Introduction
  8. Concepts
    1. Introduction
    2. Public-Key Cryptography
      1. Symmetric Versus Asymmetric Ciphers
      2. Public/Private Key Pair
      3. Services of Public-Key Cryptography
      4. Algorithms
      5. Summary
      6. References
    3. The Concept of an Infrastructure
      1. Pervasive Substrate
      2. Application Enabler
      3. Business Drivers
      4. Public-Key Infrastructure Defined
      5. Summary
    4. Core PKI Services: Authentication, Integrity, and Confidentiality
      1. Definitions
      2. Mechanisms
      3. Operational Considerations
      4. Summary
      5. References
    5. PKI-Enabled Services
      1. Secure Communication
      2. Secure Time Stamping
      3. Notarization
      4. Non-Repudiation
      5. Privilege Management
      6. Mechanisms Required to Create PKI-Enabled Services
      7. Operational Considerations
      8. "Comprehensive PKI" and Current Practice
      9. Summary
      10. References
    6. Certificates and Certification
      1. Certificates
      2. Certificate Policies
      3. Certification Authority
      4. Registration Authority
      5. Summary
      6. References
    7. Key and Certificate Management
      1. Key/Certificate Life Cycle Management
      2. Summary
      3. References
    8. Certificate Revocation
      1. Periodic Publication Mechanisms
      2. Other Revocation Options
      3. Performance, Scalability, and Timeliness
      4. Summary
      5. References
    9. Trust Models
      1. Strict Hierarchy of Certification Authorities
      2. Distributed Trust Architecture
      3. Web Model
      4. User-Centric Trust
      5. Cross-Certification
      6. Entity Naming
      7. Certificate Path Processing
      8. Summary
      9. References
    10. Multiple Certificates per Entity
      1. Multiple Key Pairs
      2. Key Pair Uses
      3. Relationship between Key Pairs and Certificates
      4. Real-World Difficulties
      5. Independent Certificate Management
      6. Support for Non-Repudiation
      7. Summary
      8. References
    11. PKI Information Dissemination: Repositories and Other Techniques
      1. Private Dissemination
      2. Publication and Repositories
      3. In-Band Protocol Exchange
      4. Summary
      5. References
    12. PKI Operational Considerations
      1. Client-Side Software
      2. Off-Line Operations
      3. Physical Security
      4. Hardware Components
      5. User Key Compromise
      6. Disaster Preparation and Recovery
      7. Summary
      8. References
    13. Legal Framework
      1. Legal Status of Digital Signatures
      2. Legal Framework for PKIs
      3. What about Confidentiality?
      4. Summary
      5. References
    14. Conclusions and Further Reading
      1. Conclusions
      2. Further Reading
  9. Standards
    1. Introduction
    2. Major Standards Activities
      1. X.509
      2. PKIX
      3. X.500
      4. LDAP
      5. ISO TC68
      6. ANSI X9F
      7. S/MIME
      8. IPsec
      9. TLS
      10. SPKI
      11. OpenPGP
      12. EDIFACT
      13. Other Activities
      14. Summary
      15. References
    3. Standardization Status and Road Map
      1. Current Standardization Status
      2. On-Going Standardization Work
      3. Summary
      4. References
    4. Standards: Necessary, but Not Sufficient
      1. The Role of Standards, Profiles, and Interoperability Testing
      2. Interoperability Initiatives
      3. Summary
      4. References
    5. Conclusions and Further Reading
      1. Summary
      2. Suggestions for Further Reading
  10. Deployment Considerations
    1. Introduction
    2. Benefits (and Costs) of a PKI
      1. Business Case Considerations
      2. Cost Considerations
      3. Deployment: Now or Later?
      4. Summary
      5. Reference
    3. Deployment Issues and Decisions
      1. Trust Models: Hierarchical Versus Distributed
      2. In-Source Versus Out-Source
      3. Build Versus Buy
      4. Closed Versus Open Environment
      5. X.509 Versus Alternative Certificate Formats
      6. Targeted Applications Versus Comprehensive Solution
      7. Standard Versus Proprietary Solutions
      8. Interoperability Considerations
      9. On-Line Versus Off-Line Operation
      10. Peripheral Support
      11. Facility Requirements
      12. Personnel Requirements
      13. Certificate Revocation
      14. End-Entity Roaming
      15. Key Recovery
      16. Repository Issues
      17. Disaster Planning and Recovery
      18. Security Assurance
      19. Mitigating Risk
      20. Summary
      21. References
    4. Barriers to Deployment
      1. Repository Issues
      2. Knowledgeable Personnel
      3. PKI-Enabled Applications
      4. Corporate-Level Acceptance
      5. Summary
      6. References
    5. Typical Business Models
      1. Internal Communications Business Model
      2. External Communications Business Model
      3. Internal/External Business Model Hybrids
      4. Business Model Influences
      5. Government-Sponsored Initiatives
      6. Inter-Domain Trust
      7. Summary
      8. References
    6. Conclusions and Further Reading
      1. Summary
      2. Suggestions for Further Reading
  11. Index