PKI - Public Key Infrastructure
The general name for "everything needed for security": the hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
SSL - Secure Sockets Layer
A protocol for secure connections over the network. It ensures:
- Confidentiality – secure communication between server and client
- Integrity assurance – data sent by the client was not tampered with in transit
- Authentication (optional) – the server authenticates to the client and vice versa
The latest SSL version is 3.1, which is also known as TLS.
CRL - Certificate Revocation List
A list of revoked certificates from a specific certificate issuer.
Each certificate can hold a URL where the issuer publishes its CRL; anyone, such as a web server, can fetch that CRL and make sure the certificate presented has not been revoked by the certificate issuer (CA).
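The CRL check described above, as an added example that is not part of the original notes. It uses the Python `cryptography` package to build a throwaway CA, issue a certificate whose CRL Distribution Points extension names a CRL URL, have the issuer publish a CRL, and run the check a web server would make; the CA name, the certificates and `http://ca.example.test/ca.crl` are constructed placeholders, and the CRL is built locally rather than fetched over HTTP.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa

# Constructed values: this CA, its certificates and the URL exist only in this example.
CRL_URL = "http://ca.example.test/ca.crl"
NOW = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)

def make_ca():
    # Self-signed CA certificate plus the private key it signs certificates and CRLs with.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, "Example Test CA")])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert
def issue_cert(ca_key, ca_cert, common_name):
    # End-entity certificate whose CRL Distribution Points extension advertises CRL_URL.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    dp = x509.DistributionPoint([x509.UniformResourceIdentifier(CRL_URL)], None, None, None)
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, common_name)]))
            .issuer_name(ca_cert.subject).public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=90))
            .add_extension(x509.CRLDistributionPoints([dp]), critical=False)
            .sign(ca_key, hashes.SHA256()))
def publish_crl(ca_key, ca_cert, revoked_serials):
    # What the issuer would place at CRL_URL: a signed list of revoked serial numbers.
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(NOW + datetime.timedelta(days=7)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())
def crl_urls(cert):
    # The address(es) the certificate advertises for its issuer's CRL.
    ext = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    return [n.value for dp in ext for n in (dp.full_name or []) if isinstance(n, x509.UniformResourceIdentifier)]

def is_revoked(cert, crl, ca_cert, now=NOW):
    # A web server's check after fetching the CRL: trust the list only if it names the same
    # issuer, the CA's key signed it, and it has not passed its next-update time.
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL was not issued by this certificate's CA")
    next_update = getattr(crl, "next_update_utc", None) or crl.next_update.replace(tzinfo=datetime.timezone.utc)
    if next_update < now:
        raise ValueError("CRL is stale; draw no conclusion from it")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None
```

A stale or wrongly signed CRL is rejected outright rather than treated as "not revoked", which is the failure mode a naive lookup would fall into.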
Authentication: Who sent this message?
“it’s from me, Julie. I swear! Trust me.”
“it’s from me, Bill Gates. I swear! Trust me. Heh heh.”
Authorization: What can this person do?
Retrieve telephone numbers? Social Security numbers?
Solution: Use roles to define privileges
Confidentiality: Who can read this message?
*$#(UDUSF(*#WJF*SJ()jd90fd”Q@fdsj48!
“thanks for sending me that credit card number! Heh heh.”
Solution: Shared secret or public/private key pairs to encrypt and decrypt
Integrity: Did anyone tamper with this message?
“darling, will you marry me?”
“darling, I must confess, I’m married”
Solution: Digital signature used to compare the sent and received message