
Public Key Infrastructure • Chapter 10  585

                 ment, this is either a sensible method to allow prosecution of criminals who
                 encrypt, or it’s a way in which the government can have all of our commercial
                 secrets in their hand, or something in between. In 1995, the U.S. government
                 required that all parties keep copies of their key pairs with a key escrow company.
                 Almost immediately, conspiracy theorists began questioning the government’s
                 intentions for requiring the use of key escrows. Eventually, the U.S. government
                 decided to avoid a battle, and dropped the requirement.


                   Head of the Class…
                   Big Brother
                   Key escrow is not the only reason the government was questioned about
                   its intentions regarding encryption. In 1993, the U.S. Congress was trying
                   to pass the idea of implementing a special encryption chip, known as the
                   Clipper Chip, in all electronic devices made inside of the U.S. The Clipper
                   Chip was controversial because the encryption algorithm used, SkipJack,
                   was a classified algorithm and was never scrutinized by the public
                   computing community. Once again, there was an uproar. Once again, the
                   government pulled back.
                        The general fear was that since the government was controlling the
                   encryption format, they could track and decrypt every communication
                   session established through the use of the Clipper Chip. There were also
                   concerns about the strength of SkipJack. What little information there
                   was about SkipJack included the fact that it used an 80-bit key, which is
                   easily broken.


                    Although there are apparent downsides to escrow, it serves a useful purpose.
                 For example, key escrow provides investigators with the ability to track criminal
                 activity that is taking place via encrypted messages. Key escrow is also a method of
                 archiving keys, providing the ability to store keys securely offsite.

                 Expiration

                 When a certificate is created, it is stamped with Valid From and Valid To dates. The
                 period in between these dates is the duration of time that the certificate and key
                 pairs are valid. During this period, the issuing CA can verify the certificate. Once a
                 certificate has reached the end of its validity period, it must be either renewed or
                 destroyed.
                    Renewing a certificate can be carried out using the same key pair that was
                 used for the original certificate request, as long as the renewal request is made
                 before the existing certificate expires. Figure 10.12 shows the valid dates for a
                 secure Web site.
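
The validity-period check described above, as an added example that is not part of the original book: it classifies a certificate against its Valid From and Valid To dates and flags when a renewal request should be made while the certificate is still unexpired. The sample certificate fields, the host name and the 30-day renewal window are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: validity fields in the text format that Python's
# ssl.SSLSocket.getpeercert() returns for a server certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",   # Valid From
    "notAfter": "Dec 31 23:59:59 2024 GMT",    # Valid To
}


def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time),
                                  tz=timezone.utc)


def validity_status(cert, now, renew_window_days=30):
    """Classify a certificate against its validity period at time `now`.

    Returns one of:
      "not-yet-valid"  now is before Valid From
      "valid"          inside the period, renewal not yet due
      "renew-now"      inside the period, within the renewal window
                       (renew_window_days is an assumed policy value)
      "expired"        past Valid To; per the text, the renewal request
                       had to be made before this point
    """
    not_before = _utc(cert["notBefore"])
    not_after = _utc(cert["notAfter"])
    if not_after <= not_before:
        raise ValueError("Valid To is not later than Valid From")
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if not_after - now <= timedelta(days=renew_window_days):
        return "renew-now"
    return "valid"


if __name__ == "__main__":
    print(validity_status(SAMPLE_CERT, datetime.now(timezone.utc)))
```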


                                                                              www.syngress.com