Public Key Infrastructure (PKI)

Why does this topic matters

• This topic matters because PKIs allow us to navigate and browse the web in a secure method.
• Without PKIs we would be susceptible to espionage, malware injection, and other threats. Having an established and trusted public key infrastructure will improve overall security on the web.

Name the three main components which make up PKI.

• The three main components that makes up a PKI are:
  • Certificate Authority (CA): A trusted party signing the document associating the key with the device, the documents are called certificates.
  • Private key: A secret key, only known by that entity, and is used for signing certificates.
  • Public key: Is used for verifying signatures, but cannot be used to sign. The public key is made available to anyone, and is typically included in the certificate document.

How would you explain, to a non-technical friend, the role PKI plays in protecting traffic between your browser and a web server.

• I would explain to my friend that the PKI acts like a passport to the website. PKIs create certificates that server to identify the web site (that the web server sets up and maintains) you connect to. The certificate makes sure that on one can eavesdrop during your connection.

What is the main weakness of the PKI architecture?

• The main weakness of a public PKI is that any CA can sign a certificate for any person or computer. This opens the door for some CAs to create certificates for parties have no business vouching for.
• There is also the issue that intelligence agencies can use fraudulent certificates for espionage, malware injection, and forging messages.

Things I would like to know more about.

• I would like to know how to setup a private public key infrastructure, since there are some valid concerns about public CAs, it would be a good skill to have in order to improve overall security.