Public Key Infrastructure • Chapter 10  601

                 14. An attacker has broken into your SSL-secured Web server, which uses a certifi-
                    cate held in local software storage, and defaced it. Do you need to revoke the
                    certificate?
                    A. Yes. Software storage is no protection against hackers, and the hacker may
                        now have the private key in his possession.

                    B. No.The hacker would have needed to know the key’s password in order to
                        sign anything.

                    C. No.The hacker cannot use the key to sign data once the Web server has
                        been repaired.
                    D. Yes.The hacker may have used the key to sign information that others may
                        continue to trust.

















































                                                                              www.syngress.com