
4.5.1  Centralized vs. Decentralized

When implementing a PKI scheme, you need to look at whether you require a centralized key management mechanism, in which a central authority manages keys, or whether a decentralized model, in which each individual user manages his/her own key pair, is sufficient.

A model such as the one used by PGP is decentralized, and therefore would not scale well at the enterprise level. The more users you have, the more individual sources of keys (and points of potential vulnerability) you'd have. Besides being a high-overhead model that makes certain functions like key distribution difficult, it's just asking for a private key compromise sooner rather than later (for example, when an inexperienced clerk allows a tech-savvy power user in the department unrestricted access to the file containing his private key). Without a central authority verifying user identity, you'd need to investigate each provider of a public key and satisfy yourself that they are legitimate before accepting it. What if an individual's key has been compromised and then revoked? Using decentralized key management, you might not know about the revocation unless the user happened to email you and let you know.

Centralized key management is performed by a firm, such as VeriSign, or within an organization itself. The managing organization controls functions like the generation, escrow and status checking of the keys it issues, freeing individual users from these tasks. Typically, centralized key management involves the use of a Certificate Authority to issue and manage certificates (and thus keys).
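
The status checking described above, as an added example that is not part of the original guide: a throwaway CA built with the `openssl` command line issues a certificate and later revokes it, and a relying party that consults the CA's revocation list sees the change without ever hearing from the user. The CA name, the `clerk` subject and all file names are constructed, and OpenSSL 1.1.1 or later is assumed.

```bash
# Added example: throwaway CA in a temp dir; all names and files are constructed.
# Relying-party check: accept a certificate only if the CA signed it AND it is
# absent from the CA's current revocation list (CRL).
status() {
  if openssl verify -CAfile ca.pem -CRLfile crl.pem -crl_check "$1" >/dev/null 2>&1
  then echo good; else echo rejected; fi
}

run_demo() (
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  mkdir newcerts; : > index.txt; echo 1000 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
  {
    # The central authority creates its own key pair and self-signed certificate.
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Example Demo CA" -keyout ca.key -out ca.pem
    # A user submits a request; the CA issues the certificate and publishes a CRL.
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=clerk" -keyout clerk.key -out clerk.csr
    openssl ca -batch -notext -config ca.cnf -in clerk.csr -out clerk.pem
    openssl ca -config ca.cnf -gencrl -out crl.pem
    before=$(status clerk.pem)
    # Key compromise reported: the CA revokes once and republishes for everyone.
    openssl ca -config ca.cnf -revoke clerk.pem
    openssl ca -config ca.cnf -gencrl -out crl.pem
  } >/dev/null 2>&1
  echo "$before $(status clerk.pem)"
)
run_demo   # prints: good rejected
```

In the decentralized model there is no `crl.pem` to consult: a copy of the clerk's public key obtained before the compromise would keep being accepted until its owner told each correspondent directly.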

PKI Key Management

Key management can be either centralized or decentralized. In the centralized approach, a central authority manages keys. In the decentralized approach, individual users (or groups of them) manage their own key pairs. When a Certificate Authority is used to issue and manage certificates (and thus, keys), you are dealing with centralized key management.




CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.