Chapter 1: Foundation

PKI and Certificates

• PKI is often considered to be a standard, but in fact it is a set of policies, products, and procedures
• In particular, the policies specify how to handle keys and valuable information and how to match level of control to level of risk.
• The procedures dictate how the keys should be generated, managed, and used
• Finally, the products actually implement the policies, and they generate, store, and manage the keys.
• PKI sets up entities, called certificate authorities, that implement the PKI policy on certificates.
• The general idea is that a certificate authority is trusted
• users can delegate the construction, issuance, acceptance, and revocation of certificates to the authority