4.5.1 Centralized vs. Decentralized
When implementing a PKI scheme, you need to look at whether you require a centralized key management mechanism, in which a central authority manages keys, or whether a decentralized model, in which each individual user manages his/her own key pair, is sufficient.
A model such as the one used by PGP is decentralized, and therefore would not scale well at the enterprise level. The more users you have, the more individual sources of keys (and points of potential vulnerability) youd have in addition to being a high-overhead model that makes certain functions like key distribution difficult, its just asking for a private key compromise sooner rather than later (as an inexperienced clerk allows a tech-savvy power-user in the department unrestricted access to the file containing his private key). Without a central authority verifying user identity, youd need to investigate each provider of a public key and satisfy yourself that they are legitimate before accepting it. What if an individuals key has been compromised and then revoked? Using decentralized key management, you might not know about the revocation unless the user happened to email you and let you know.
Centralized key management is performed by a firm, such as VeriSign, or within an organization itself. The managing organization controls functions like the generation, escrow and status checking of keys it issues, freeing individual users from these tasks. Typically centralized key management involves the use of a Certificate Authority to issue and manage certificates (and thus keys).
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.