564    Chapter 10 • Public Key Infrastructure

             anchor is an entity known to be trusted without requiring that it be trusted by
             another party, and therefore can be used as a base for trusting other parties. Going
             back to the example of Tim, his wife Amanda would be the trust anchor, since Tim
             has trust in her without referring to his trust in anyone else. In terms of the PKI,
             the root CA is the most trusted, and is the trust anchor.
                 Since there is nothing above the root CA, no one can vouch for its identity; it
             must create a self-signed certificate to vouch for itself. With a self-signed certificate,
             both the certificate issuer and the certificate subject are exactly the same. Being the
             trust anchor, the root CA must make its own certificate available to all of the users
             (including subordinate CAs) that will ultimately be using the root CA.


           Notes From the Underground…
                A Compromised Root CA
                Keeping a root CA’s private keys secure should be priority number one in
                PKI security. The work that goes into revoking and replacing a compromised
                root CA key is tremendous. Not only does the root CA have to be
                revoked and recreated, but so do any certificates created by a subordinate
                CA now suspected of being compromised. Also, the revocation of the
                root CA’s key must be communicated to anyone who has ever trusted the
                root CA.
                The saving grace of root CAs is that they are only rarely used to certify
                immediately subordinate CAs, and can therefore be kept offline and
                physically secured, brought online only briefly to sign a new subordinate
                CA’s certificate or revoke a compromised subordinate CA’s certificate.

                 Under the root CA come one or more intermediate CAs. In most hierarchies,
             there is more than one intermediate CA. An intermediate CA is responsible for
             issuing certificates to the CAs below it, known as leaf CAs. Leaf CAs are
             responsible for issuing certificates to end users, servers, and other entities that use
             certificates. The hierarchical model is the most popular model used today and is
             shown in Figure 10.5.
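
The hierarchy described above, built and checked with Go's standard crypto/x509 package, as an added example that is not from the book: only the root is self-signed (issuer equals subject and the signature verifies under its own key), and an end-entity certificate validates only when the path through the leaf and intermediate CAs ends at the configured trust anchor. All names, serial numbers and lifetimes, and the helpers issue, isSelfSigned and chainsTo, are constructed for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const caUse, eeUse = x509.KeyUsageCertSign, x509.KeyUsageDigitalSignature // CA vs. end entity
// issue creates a certificate for cn (constructed sample values); a nil parent yields a self-signed root.
func issue(cn string, serial int64, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil { // root CA: nobody above it, so it signs its own certificate
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// isSelfSigned: issuer and subject are identical AND the signature verifies under the cert's own key.
func isSelfSigned(c *x509.Certificate) bool {
	return string(c.RawIssuer) == string(c.RawSubject) && c.CheckSignatureFrom(c) == nil
}
// chainsTo reports whether cert validates up to anchor, the only certificate trusted a priori.
func chainsTo(cert, anchor *x509.Certificate, mids ...*x509.Certificate) bool {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(anchor)
	for _, m := range mids {
		pool.AddCert(m)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
	return err == nil
}
func main() {
	root, rk := issue("Example Root CA", 1, caUse, nil, nil)
	inter, ik := issue("Example Intermediate CA", 2, caUse, root, rk)
	leafCA, lk := issue("Example Leaf CA", 3, caUse, inter, ik)
	user, _ := issue("user.example", 4, eeUse, leafCA, lk)
	fmt.Println(isSelfSigned(root), isSelfSigned(inter), chainsTo(user, root, inter, leafCA), chainsTo(user, root))
}
```

The last check fails because the verifier was given the trust anchor but not the intermediate and leaf CA certificates needed to build the path to it.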

          www.syngress.com