Public Key Infrastructure (PKI) - focodecided/ops401-cybersecurity GitHub Wiki

Name the three main components which make up PKI.

The three main components of PKI are:

1. Certificate Authority (CA) - The trusted party that signs certificates associating keys with entities
2. Public and Private Keys - The key pairs used for encryption and identity verification
3. Certificates - The documents signed by the CA that bind keys to entities

How would you explain, to a non-technical friend, the role PKI plays in protecting traffic between your browser and a web server.

• When you visit a website that starts with "https", that means there is a secure connection set up using something called PKI. PKI helps identify that you are actually connected to the website you intend, like your bank or email provider, and not a fake copy.
• It works using special keys and digital signatures to confirm identities, like an ID card. The website has a verified key, and your browser checks the website's "ID card" certificate to make sure it's valid. This protects you from anyone spying on or altering the data you exchange with the real website.

What is the main weakness of the PKI architecture?

• The main weakness of PKI is that the certificate authorities that issue and validate the digital certificates reside in many different countries, some of which may be untrustworthy. Governments or other groups may coerce the certificate authorities to create fake identity certificates, allowing spying or impersonation when communicating with websites and servers.

Sources:

https://www.ssh.com/academy/pki