Class 09 - birlzhimself/401-Reading-Notes GitHub Wiki
Name the three main components which make up PKI.
PKI stands for Public Key Infrastructure, which is a system that provides security for electronic communications. It consists of three main components: a certificate authority (CA), a registration authority (RA), and a certificate database.
The certificate authority is responsible for issuing digital certificates to verify the identities of users, devices, and web servers. The registration authority is responsible for verifying the identity of users and devices before issuing certificates. The certificate database stores information about issued certificates, including the public key of the certificate holder.
How would you explain, to a non-technical friend, the role PKI plays in protecting traffic between your browser and a web server?
To explain the role of PKI to a non-technical friend, imagine that you are sending a secret message to someone. You want to make sure that only the intended recipient can read the message and that no one else can intercept or modify it. To achieve this, you use PKI to encrypt your message using a public key that the recipient can use to decrypt the message. The recipient's public key is included in a digital certificate that is issued by a trusted certificate authority. This ensures that the recipient is who they claim to be and that their public key is valid. The certificate also includes a digital signature that ensures the message has not been tampered with in transit.
What is the main weakness of the PKI architecture?
The main weakness of the PKI architecture is that it relies on the trustworthiness of certificate authorities. If a certificate authority is compromised, an attacker can issue fraudulent certificates that allow them to intercept or modify communications. Additionally, if a user's private key is compromised, an attacker can impersonate that user and decrypt their communications. However, there are measures in place to mitigate these risks, such as using multi-factor authentication and regularly renewing certificates.