Windows Server 2003 Security Infrastructures

In this chapter we focus on the concept of trust in a Windows Server 2003 public key infrastructure (PKI). We will explore Windows Server 2003 PKI trust types and trust models and look at how you can define and manage PKI trust relationships in a Windows Server 2003 environment. Windows Server 2003 PKI includes some very important changes in all of these areas.
The most fundamental question that must be answered in a PKI is: Which public keys are trustworthy? When you use Alice's public key to provide an important security service, you want to be sure that you are really using Alice's key. That is easy to check when you know Alice very well: you could simply ask her. In any case, you usually have a lot of confidence in people you know very well. This is not true for a person (let's call him Bob) you happened to meet in some Internet newsgroup. The greater the distance between two people, the lower the confidence level. In cases like that, trusted third parties (TTPs) can make your life much easier. A TTP may know both you and Bob very well and may convince you of the trustworthiness of the other user's key. A TTP in a PKI environment is called a Certification Authority (CA).
Trust in a PKI starts off with trust in the Certification Authority. When you trust a CA, you trust every certificate it issues. Trust of the CA means that you...