PGP_PKI_Hay_Roe - PGP and PKI (Public Key Infrastructure)...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
PGP and PKI (Public Key Infrastructure) Disclaimer: “classic” PGP vs. Network Associates version Many companies are using PGP to exchange confidential data with other companies because PGP is easy to obtain PGP is cheap PGP is easy to use PGP uses standard, tested algorithms (RSA, IDEA), not suspect proprietary ones PGP is being used by many/most of the other companies that they want to exchange data with However, PGP has the same basic problem that afflicts all public key systems: authentication of public keys How do I make sure that this public key really belongs to X, and not to some bad guy? How do I make sure that this public key is X’s current public key and not X’s old, no longer valid public key? “This whole business of protecting public keys from tampering is the most difficult problem in practical public key applications.” p. 27, The Official PGP User’s Guide Most public key systems nowadays, including PGP, use digital certificates as the basis for dealing with this problem. issuer subject expiration date plaintext and signed digest (How would you handle the problem without using digital certificates?)
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
PGP’s solution: the “web of trust” model self-signed certificates trust levels and “trusted introducers”
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 5

PGP_PKI_Hay_Roe - PGP and PKI (Public Key Infrastructure)...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online