Skip to main content

Currently Skimming:

H - Summary of Important Requirements for a Public-Key Infrastructure
Pages 450-454

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 450...
... To ensure proper linkage of a public key with a specific user, the identity of that user must be authenticated. User authentication is usually conducted by the certification authority (CA)
From page 451...
... Since the CA performs user authentication at key certification time and is responsible for keeping the user's name and public key associated, each CA must be a trusted entity, at least to the extent defined in the pertinent PCA policies. This implies the provision of some security protection for each CA, specifically the private key of the CA, so that the CA cannot be modified or impersonated.
From page 452...
... Legal requirements should clarify reasonable security procedures without sacrificing needed flexibility. The question is not whether to have or not to have security, but rather whether the implemented security mechanisms provide the degree of security offered by the digital signatures.
From page 453...
... -- A key-generation facility has limited liability for the compromise of a private key during the key distribution process if the documented policies and procedures relevant to the facility are not followed, resulting in the revelation of the private key. -- A CA has no liability associated with forged signatures unless the forgery results because the documented policies and procedures relevant to the CA were not followed.
From page 454...
... -- A CA has limited liability for revoking a certificate for a reason not specified in its revocation policy. -- A CA has limited liability if, despite its having followed published policies and procedures, a certificate in the database is modified or deleted.

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.