Using our fundamental security 'quality of service' criteria of confidentiality, integrity, and authentication, explain how - within a PKI - public keys are distributed with trust
The most important concepts to understand to grasp how PKI works are keys and certificates. A key, as already noted, is a long string of bits — a number, in other words — that's used to encrypt data. For instance, if you used the ancient and simple Caesar cipher with a cryptographic key of 3, that would mean that every letter in your message is replaced by one three letters later in the alphabet — A becomes D, B becomes E, and so forth. To decode the message, your recipient would need to know not only that you were using the Caesar cipher but that your key was 3.
Obviously the mathematics behind modern encryption is much more complicated than this. One of the differences gets around a somewhat obvious problem with the Caesar cipher: you have to somehow let your recipient know the key used to encode the encrypted message. PKI gets its name because each participant in a secured communications channel has two keys. There's a public key, which you can tell to anyone who asks and which is used to encode a message sent to you, and a private key, which you keep secret and use to decrypt the message when you receive it. The two keys are related by a complex mathematical formula that would be difficult to derive by brute force. If you want to get into the weeds on this form of encryption, known as asymmetrical cryptography.
PKI is great for securing email for the same reason that it's great for securing web traffic: because data flowing over the open internet can be easily intercepted and read if it isn't encrypted, and because it can be difficult to trust that a sender is who they claim to be if there isn't some way to authenticate their identity. As we've seen, establishing near-universal PKI for web traffic has been relatively easy because most of the necessary infrastructure is built into web browsers and servers. Email is accessed through more heterogeneous clients, which makes things a bit trickier.
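The contrast drawn above between the Caesar cipher's single shared key and a public/private key pair, as an added Python example that is not part of the original answer. It uses textbook RSA with constructed toy primes (61 and 53) as one instance of asymmetric cryptography; the function names are hypothetical, and the last function shows why the link between the two keys only resists brute force at real key sizes.

```python
# Added illustration with constructed toy parameters; not production cryptography.
from math import gcd

def caesar(text, key):
    """Shift A-Z by `key`. Decryption is the same key negated, so both
    sides must already share it over some secret channel."""
    return "".join(
        chr((ord(c) - 65 + key) % 26 + 65) if "A" <= c <= "Z" else c
        for c in text.upper()
    )

def rsa_keypair(p, q, e=17):
    """Textbook RSA: public (e, n), private (d, n), d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)

def rsa_apply(key, blocks):
    """Modular exponentiation of each block with one half of the key pair."""
    exp, n = key
    return [pow(b, exp, n) for b in blocks]

def recover_private(public):
    """Brute force the private key by factoring n with trial division.
    Instant for a toy n; infeasible for a 2048-bit modulus."""
    e, n = public
    p = next(f for f in range(2, n) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1)), n

if __name__ == "__main__":
    # Caesar: the key 3 has to reach the recipient before they can decode.
    print(caesar("HELLO", 3), "->", caesar(caesar("HELLO", 3), -3))

    public, private = rsa_keypair(61, 53)      # constructed toy primes
    msg = list(b"hi PKI")                      # constructed sample message
    ct = rsa_apply(public, msg)                # anyone holding the public key
    print(ct, "->", bytes(rsa_apply(private, ct)))  # only the private key opens it

    # Reverse order: only the private-key holder can produce a value that
    # the public key opens, which is the basis of signatures.
    print(rsa_apply(public, rsa_apply(private, msg)) == msg)

    # The "complex mathematical formula" falls to brute force at this size.
    print("recovered private key:", recover_private(public))
```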