Work Performed By Certificate Authorities
Key and certificate management are not tasks to be taken lightly. Nor are they for the faint-of-heart. Extremely tight security is an imperative to maintain the trust that PKIs require. At their essence, CAs provide 3 basic services to the entities (other CAs or end-entities) directly below them in the tree:
- Certificate Issuance
- Certificate Renewal
- Certificate Revocation
Root Certificate Authority
The highest level, or root, of the hierarchy of trust is the Root Certificate Authority. It's normally maintained off-line and only accessed when needed for signing purposes. Root CA responsibilities also include the generation and distribution of the Certificate Revocation List (CRL) in cases of any private key compromise in the branches directly below the root. Root certificates are self-signed. Their presence is required for validating a PKI certificate chain. Enterprise root certificates will normally be embedded in the Web browsers used to access PKI-protected resources.
What's A Certificate Revocation List (CRL)?
The idea behind CRLs is to stop the use of any digital certificates that are related to a set of private keys that were compromised (stolen). If a thief gains a copy of a private key and possesses its accompanying certificate, they've essentially stolen the identity of the private key holder. If the theft is not detected, the thief could use the key-pair (certificate and private key) to either (a) masquerade as the legitimate keyholder without arousing any suspicion or (b), if a CA key was stolen, use the private key to sign forged certificates. Once a theft or compromise is detected, it's critical that the CA which signed the key-pair knows about it, places the certificate's serial number on the Certificate Revocation List immediately, and re-publishes the list.
The X.509 standard defines CRLs for the publication and distribution of the identities of revoked but unexpired certificates. A CRL lists the serial numbers of all revoked certificates, and the CA that signed those certificates is responsible for maintaining it in near real time to prevent fraud or abuse using compromised private keys.
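The following is an added example, not code from the original article: a simplified model of the CRL semantics described above, showing the CA's side (add a serial and re-publish) and the relying party's side (check the issuer, the CRL's freshness, and the certificate's expiry before trusting an absent serial). It assumes Python dataclasses as stand-ins for the relevant X.509 fields rather than real DER parsing or signature verification.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Certificate:  # simplified stand-in for an X.509 cert (constructed example)
    issuer: str          # distinguished name of the signing CA
    serial: int          # what a CRL lists when the cert is revoked
    not_after: datetime  # end of the validity period

@dataclass
class CRL:  # simplified stand-in; a real CRL is DER-encoded and signed by the CA
    issuer: str
    this_update: datetime   # when the CA published this list
    next_update: datetime   # when a fresher list is promised
    revoked: set = field(default_factory=set)  # serial numbers only

def crl_status(cert: Certificate, crl: CRL, now: datetime) -> str:
    """Return "expired", "revoked", "good" or "unknown"; "unknown" means the CRL
    cannot answer (wrong issuer or stale) and a verifier should fail closed."""
    if now > cert.not_after:
        return "expired"  # expired certs drop off CRLs, so absence proves nothing
    if crl.issuer != cert.issuer:
        return "unknown"
    if not (crl.this_update <= now <= crl.next_update):
        return "unknown"  # past nextUpdate: recent revocations may be missing
    return "revoked" if cert.serial in crl.revoked else "good"

def revoke_and_republish(crl: CRL, serial: int, now: datetime, lifetime: timedelta) -> CRL:
    """The CA's side: add the serial and re-issue the list with fresh timestamps."""
    return CRL(crl.issuer, now, now + lifetime, crl.revoked | {serial})

def demo() -> dict:
    """Run the checks on constructed sample data; returns the status of each case."""
    t0 = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    ca, day = "CN=Example Root CA", timedelta(days=1)
    crl = CRL(ca, t0, t0 + day, {0x1001})           # 0x1001 already revoked
    leaf = Certificate(ca, 0x1002, t0 + 365 * day)
    stolen = Certificate(ca, 0x1001, t0 + 365 * day)
    expired = Certificate(ca, 0x0999, t0 - day)
    other = Certificate("CN=Other CA", 0x1002, t0 + 365 * day)
    later = revoke_and_republish(crl, leaf.serial, t0 + timedelta(hours=1), day)
    return {
        "good": crl_status(leaf, crl, t0),
        "revoked": crl_status(stolen, crl, t0),
        "expired": crl_status(expired, crl, t0),
        "wrong_issuer": crl_status(other, crl, t0),
        "stale_crl": crl_status(leaf, crl, t0 + 2 * day),
        "after_republish": crl_status(leaf, later, t0 + timedelta(hours=2)),
    }
```

The "stale_crl" and "wrong_issuer" cases are the ones a naive "is the serial in the list?" check gets wrong: both must be treated as a failed check, not as proof the certificate is still good.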