Lesson 6: Public key infrastructure (PKI) standards and trust
Objective: Understand the concept of a PKI and how to revoke a certificate.

Public key Infrastructure - Standards | Trust

Public key infrastructure (PKI) standards

Public key infrastructure (PKI) is the term used to describe ways to create, store, and manage digital certificates. Many organizations are trying to create industry-standard, vendor-neutral ways to enable e-commerce. These organizations include the Open Group (TOG), the Internet Engineering Task Force (IETF), and the World Wide Web Consortium (W3C). Standard PKI elements include:
  1. Digital certificates (keys).
  2. A CA that verifies digital certificates.
  3. A registration authority[1] (RA) that vouches for the actual CA. Another name for an RA is a verification authority. A verifying authority creates a CA.
  4. A secure, central storage area for the certificates. Generally, this is an ITU X.500-compliant directory. Another name for such a storage place is a directory.
  5. A system that securely transports certificates. The Lightweight Directory Access Protocol (LDAP) has become a popular way to access X.500-compliant databases.

The primary purpose of these standards is to establish trust between different organizations that need to work with each other. These standards have become essential in the face of rapid acceptance of client-server technology.

Revocation

Whenever a person or site loses trust in a certificate, the certificate can be revoked. CAs maintain lists of revoked certificates. Most protocols supporting certificates allow for real-time certificate verification. This process involves sending the certificate information to the CA for verification. During this step, the CA checks the certificate against the revocation list. Including this step takes a few seconds per transaction, which can be an unacceptable delay on busy e-commerce servers.
Reasons for revocation include:
  1. Private key compromise
  2. CA compromise
  3. Change of business practices and location
All these problems are serious breaches of trust and invalidate the certificate.
Once a key is revoked, it is effectively "dead" and cannot be reused. You will have to create another key and get it certified. In the next lesson, you will learn about different types of certificates.
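
The revocation check described in this lesson, as an added example that is not part of the original lesson: a certificate's serial number is looked up in the issuing CA's revocation list, and the certificate is refused if it is listed or if the list itself is out of date. The `Certificate` and `RevocationList` classes are simplified stand-ins for X.509 structures, the mapping of the lesson's reasons to reason codes is an assumption, and all sample values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

class Reason(Enum):
    # X.509 CRL reason codes closest to the lesson's three reasons (mapping assumed here).
    KEY_COMPROMISE = 1       # private key compromise
    CA_COMPROMISE = 2        # CA compromise
    AFFILIATION_CHANGED = 3  # change of business practices and location

@dataclass(frozen=True)
class Certificate:           # simplified stand-in for an X.509 certificate
    issuer: str
    serial: int
    subject: str

@dataclass
class RevocationList:        # simplified stand-in for the CA's revocation list
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict            # serial -> (revocation time, Reason)

def check_revocation(cert, crl, now):
    """Return (trusted, detail) for cert checked against crl at time now."""
    if crl.issuer != cert.issuer:
        return False, "list was issued by a different CA"
    if not (crl.this_update <= now <= crl.next_update):
        return False, "list is stale or not yet valid"  # fail closed
    entry = crl.revoked.get(cert.serial)
    if entry is not None:
        when, reason = entry
        return False, f"revoked {when:%Y-%m-%d}: {reason.name}"
    return True, "not on the revocation list"

# Constructed sample data, not taken from any real CA.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
CRL = RevocationList(
    issuer="CN=Example Shop CA",
    this_update=NOW - timedelta(hours=6),
    next_update=NOW + timedelta(hours=18),
    revoked={0x1A2B: (NOW - timedelta(days=3), Reason.KEY_COMPROMISE)},
)
OLD = Certificate("CN=Example Shop CA", 0x1A2B, "CN=shop.example")  # revoked
NEW = Certificate("CN=Example Shop CA", 0x1A2C, "CN=shop.example")  # new key, new serial

if __name__ == "__main__":
    for cert in (OLD, NEW):
        print(hex(cert.serial), check_revocation(cert, CRL, NOW))
```

The revoked serial stays on the list, so the replacement certificate carries a new serial number; a list past its `next_update` time is treated as untrustworthy rather than as "nothing revoked".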


[1]Registration authority: Creates certificate authorities.
[2]Revocation: What happens when you lose trust in a certificate.