Public Key Infrastructure • Chapter 10 597
A: The bottom line is it does not have to be destroyed. However, imagine what
would happen if you decided to no longer use a particular credit card. If you
left the credit card active and did not destroy it, an unauthorized party could
potentially use it. The same is true of unused key pairs.
Q: Which is better, software storage for private keys or hardware storage?
A: As a rule of thumb, hardware storage is always better since in theory, there is a
greater potential for keys to be compromised using software storage. However,
hardware storage costs money, and generally has protections against porting the
private key to a new location if this is required.
Self Test
A Quick Answer Key follows the Self Test questions. For complete
questions, answers, and explanations to the Self Test questions in this
chapter as well as the other chapters in this book, see the Self Test
Appendix.
1. You are applying for a certificate for the Web server for your company. Which
of these parties would you not expect to be contacting in the process?
A. A registration authority (RA)
B. A leaf CA
C. A key escrow agent
D. A root CA
2. What portion of the information in your certificate should be kept private?
A. All of it. It is entirely concerned with your private information.
B. None of it. There is nothing private in the certificate.
C. The thumbprint, that uniquely identifies your certificate.
D. The public key listed in the certificate.
3. In creating a key recovery scheme that should allow for the possibility that as
many as two of the five key escrow agents are unreachable, what scheme is
most secure to use?
www.syngress.com