The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Which of the following components does the PKI use to list those certificates that have been revoked or are no longer valid?
longer valid, and therefore should not be relied upon. A CRL is generated and published periodically, after a defined timeframe. A CRL can also
be published immediately after a certificate has been revoked. The CRL is always issued by the CA which issues the corresponding certificates.
All CRLs have a lifetime during which they are valid; this timeframe is often 24 hours or less. During a CRL's validity period, it may be consulted
by a PKI-enabled application to verify a certificate prior to use.
Answer option A is incorrect. A Certification Practice Statement (CPS) is a policy document, defined by the American Bar Association. The CPS is
associated with a certification authority (CA). It defines the measures that are used to secure CA operations and management of the
certificates issued by the CA. The CPS can be considered an agreement between the organization managing the CA and the people relying
on the certificates issued by the CA.
Answer option B is incorrect. A Certificate Policy (CP) is a policy statement defined in the X.509 standard. The CP is associated with a certificate. It
defines the measures that are used to validate a certificate's subject prior to certificate issuance and the CA's responsibilities regarding those
certificates. The CP is also considered the certificate-issuance policy, which can determine whether the presented certificate will be trusted
or not.
Answer option D is incorrect. A certification authority (CA) or certificate authority is an entity that issues digital certificates for use by other
parties. It is an example of a trusted third party. A CA issues digital certificates that contain a public key and the identity of the owner. The
matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is
also an attestation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted
in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the
information in the CA's certificates. A variety of standards and tests are used by CAs to do so.
If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to a person
identified in the certificate.