The Internet Encyclopedia (Volume 3)


Public Key Infrastructure (PKI)

Russ Housley, Vigil Security, LLC

Introduction
PKI Basics
PKI Components and Users
PKI Architectures
Hierarchical PKI
Mesh PKI
Hybrid PKI Architectures
Public Key Certificates
Certificate Revocation
PKI Management Protocols
PKCS #10
Certificate Management Protocol
Certificate Management Messages over CMS
Simple Certificate Enrollment Protocol
Policies and Procedures
Future Developments
Sliding Window Delta CRLs
Delegated Path Validation
Glossary
Cross References
Further Reading

INTRODUCTION
As more business transactions occur on the Internet, security services based on cryptography become essential. Public key cryptography plays an important role in providing confidentiality, integrity, authentication, and non-repudiation. The basic problem with using public key cryptography is determining who holds the corresponding private key. There are two ways to address this problem. In the first approach, the public key user maintains a local database of the public key and identity pairs. This approach is used in secure shell (SSH) and account-based secure payment as defined in ANSI X9.59, but it does not scale to large communities or facilitate ad hoc communications. The second approach does not have these shortcomings. In the second approach, a trusted party issues a public key certificate, or simply certificate, containing identification information and a public key. The recipient of such a certificate can be confident that the named party has possession of the private key that goes with the public key contained in the certificate. The collection of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke certificates is called a public key infrastructure (PKI).

The certificate may also indicate the applications that it supports. A certificate issuer, called a certification authority (CA), can specify the supported applications or specify the expected cryptographic operations. For example, the certificate could specify virtual private network (VPN) key management. Alternatively, the certificate issuer might specify that the public key should be used for validating digital signatures.

PKI is not an application in its own right; rather, it is a pervasive substrate. When properly implemented, it can be taken for granted. PKI provides the binding of public keys and identity information, and then applications make use of the public keys to provide security services such as confidentiality, integrity, authentication, and non-repudiation.

PKI BASICS
The public key certificate contains fields for the subject’s identity and public key. The certificate can indicate a company or organization along with a common name. A variety of name forms are supported. Some name forms are abstract, and others are addresses, such as an e-mail address. The certificate also includes two date fields that specify an activation date and an expiration date. The certificate also contains the name of the CA that created the certificate. To clearly identify each certificate that it issues, the CA includes a unique serial number. Finally, the entire contents of the certificate are protected by the CA’s digital signature. Figure 1 illustrates Bob’s public key certificate.

In Figure 1, the Hawk CA1 issued Bob’s public key certificate. The certificate was activated at noon on February 14, 2002, and will expire at noon on February 14, 2003. This certificate has serial number 48. It includes Bob’s name and his RSA public key. The Hawk CA1 signed the certificate with its own private key, using the DSA signature algorithm and the SHA-1 one-way hash function.

The CA’s signature ensures that the certificate cannot be undetectably modified. If anyone changes the contents of the signed certificate, the change is easily detected: the signature will not validate with the modified certificate content. If the digital signature does not verify, the contents have been changed or the certificate is a complete forgery. Either way, it will not be trusted.

How can a certificate user determine whether to trust the certificate contents? The certificate cannot indicate whether the subject has died or changed jobs. Similarly, by looking at a credit card, a merchant cannot tell whether it has been revoked.

Like business cards, once a certificate is distributed, it is practically impossible to retrieve all of the copies. In fact, the problem is worse for certificates: because they are digital objects, certificates can be easily replicated and redistributed. The copies cannot all be recovered when the information in a certificate is no longer current.
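
The checks described in this section, as an added example that is not part of the original chapter: a relying party verifies the CA's signature and the validity dates on a certificate carrying the Figure 1 field values. The toy RSA key, the JSON encoding, the use of SHA-256 with RSA in place of the DSA with SHA-1 named in Figure 1, the placeholder key string, the name "Mallory", and all function names are assumptions chosen so the code runs with only the Python standard library.

```python
import hashlib
import json
from datetime import datetime

# Constructed toy CA key: textbook RSA over two Mersenne primes. NOT secure.
# Assumption: RSA with SHA-256 stands in for the DSA with SHA-1 of Figure 1,
# because the Python standard library has no DSA implementation.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent (Python 3.8+)


def digest(cert):
    """Hash every field except the signature, reduced to fit the toy modulus."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    encoded = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % N


def ca_sign(fields):
    """CA side: sign the certificate contents with the CA private key."""
    return dict(fields, signature=pow(digest(fields), D, N))


def check(cert, now):
    """Relying-party side: return 'ok' or the reason for rejection."""
    if pow(cert["signature"], E, N) != digest(cert):
        return "bad signature"  # contents changed, or a complete forgery
    not_before = datetime.fromisoformat(cert["not_before"])
    not_after = datetime.fromisoformat(cert["not_after"])
    if not not_before <= now <= not_after:
        return "outside validity period"
    # A good signature and dates cannot show whether the certificate has
    # been revoked; that status has to come from outside the certificate.
    return "ok"


# Field values from Figure 1; the key string is a constructed placeholder.
BOB_CERT = ca_sign({
    "issuer": "Hawk CA1", "serial": 48, "subject": "Bob",
    "not_before": "2002-02-14T12:00:00", "not_after": "2003-02-14T12:00:00",
    "public_key": "RSA:constructed-placeholder",
})

if __name__ == "__main__":
    print(check(BOB_CERT, datetime(2002, 6, 1)))  # genuine, in date
    print(check(dict(BOB_CERT, subject="Mallory"), datetime(2002, 6, 1)))
    print(check(dict(BOB_CERT, not_after="2004-02-14T12:00:00"),
                datetime(2003, 6, 1)))  # expiry date edited after signing
    print(check(BOB_CERT, datetime(2003, 6, 1)))  # genuine, but expired
```

Changing the subject or extending the expiration date after signing fails the signature check, while the untouched certificate passes throughout its validity period regardless of whether its information is still current.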
