|Read this whole guide offline with no ads, for a low price!|
Use coupon code "certiguide" to save 20%!
|Test yourself better with 300 extra Security+ questions!|
|Get It Here!|
(Page 5 of 6)
You learned that cryptography is
standardized by a variety of organizations including:
Certificate Life Cycle
- ANSI, responsible for the X.509 certificate
standard, currently at X.509v3 and the X.509v2 Certificate Revocation
List, or CRL, standard; also sponsors X9F1 committee for financial industry
- IETF, whose PKIX, or PKI X.509, committee
is involved in issues around public key management; PKIX defines certificate
formats and protocols for issuing and authenticating certificates.
- RSA Data Security, a market leader in
asymmetric crypto, many ANSI X9 standards were first developed by RSA
in their series of PKCS standards, including PKCS #3 dealing with Diffie-Hellman
Key Agreement, PKCS #10 for requesting certificates and PKCS #11 which
details an interface for accessing data from smartcards.
- FIPS, a series of standards developed
by NIST and used by the government; they include secure hashing, digital
signatures and AES encryption standards.
You also learned about the certificate
life cycle, including events like:
- Issuance, certificates are requested by
the individual or supervising organization; the CA verifies the requesters
identity, generates a key pair and certificate, and sends these items
to the requester.
- Suspension, temporary invalidation of
a certificate, often used if you suspect compromise of the private key
but dont know for sure if it has occurred.
- Expiration, when the certificate reaches
the expiration date listed in the certificate, it is no longer valid;
the normal valid period for a certificate is a year or two.
- Status Checking, users of a certificate
can AND SHOULD check the status of a certificate to ensure it is still
valid before relying on it for anything; practically speaking, client
software such as an email client program is notorious for NOT doing
this, and thus accepting certificates which may not be valid, so users
are encouraged to check certificates independently.
- Revocation, the irreversible invalidation
of a certificate; once revoked, a certificate is no longer considered
valid; this can happen if the subscriber informs the CA that the private
key for that certificate has been compromised; certificates can be revoked
by being placed on a CRL, or by inclusion in an OCSP, or online certificate
status protocol, database, which is a newer revocation list management
system that enables more up-to-date status tracking.
- Recovery, the process of reacquiring a
private key that has been lost due to hardware failure, user error,
etc.; an organization might also want to recover a private key for an
ex-employee if required for a business function or law enforcement investigation;
relies on key escrow and secure storage.
- Renewal, the process of re-validating
or replacing a certificate that is near or at its expiration date; some
CAs recommend totally replacing a certificate with a new key pair;
others think just issuing an updated one with the current key pair is
- Destruction, the permanent removal of
a key pair you no longer need.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.