Mission-Critical Active Directory

This chapter focuses on public key infrastructure (PKI) a crucial technology for distributed and heterogeneous computer environments that require a security system to provide authentication, confidentiality, and nonrepudiation services. This chapter provides background information on PKI, what you can use it for, how you can implement it on top of a Windows 2000 Active Directory infrastructure, and what components make up the Windows 2000 PKI. In Chapter 9, we will look at the steps you need to consider when planning and designing a Windows 2000 PKI.
What is a public key infrastructure? A public key infrastructure (PKI) provides a set of security building blocks, which can be used by distributed applications to provide strong security services to their users. Among the building blocks that can be offered by a PKI are identification, data authentication, confidentiality, integrity, and nonrepudiation.
It s important to stress the last letter of the acronym PKI. A PKI is an infrastructure. Many applications can build on it to provide strong security (as illustrated in Figure 8.1). In the next chapter we will discuss some PKI-enabled applications that can be built on top of a Windows 2000 PKI. Market analysts project Web, VPN, and e-mail as the top three applications that will very likely be PKI enabled on a widespread scale during the years to come.
At the heart of a PKI is cryptography and, more specifically, asymmetric cryptographic ciphers. Asymmetric ciphers deal with public...