Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)

In this chapter we focus on the concept of trust in a Windows Server 2003 public key infrastructure (PKI). We will explore Windows Server 2003 PKI trust types and trust models and look at how you can define and manage PKI trust relationships in a Windows Server 2003 environment. Windows Server 2003 PKI includes some very important changes in all of these areas.

14.1 PKI is all about trust

The most fundamental question that must be answered in a PKI is: Which public keys are trustworthy? When you use the public key of Alice to provide an important security service, you want to be sure that you are really using Alice’s key. This is easy to check when you know Alice very well: You could simply ask her. In any case, you usually have a lot of confidence in people you know very well. This is not true for a person (let’s call him Bob) you happened to meet in some Internet newsgroup. The greater the distance between two people, the lower the confidence level. In cases like that, trusted third parties (TTPs) can make your life much easier. A TTP may know both you and Bob very well and may convince you of the trustworthiness of the other user’s key. A TTP in a PKI environment is called a Certification Authority (CA).

Trust in a PKI starts off with trust in the Certification Authority. When you trust a CA, you trust every certificate it issues. Trust of the CA means that you expect that a particular CA can create legitimate certificates that uniquely bind information about an individual to a public key. You also expect that the CA—before it issues the certificate—verifies the individual’s identity and checks whether his or her private key is stored securely. These expectations can be based on observations that you have made over a longer period of time. They can also be based on a rumor you heard or simply a belief you have.

The word belief in the previous paragraph shows that trust in a PKI, in a certificate, or in a public key, is not a scientific fact; in many cases it is based on an assumption. This may be hard to understand for technologists used to dealing with IT logic. The ITU-T X.509 standard (paragraph 3.3.23) also uses the term assumption in its definition of trust: “An entity can be said to ‘trust’ a second entity when it (the first entity) makes the assumption that the second entity will behave exactly as the first entity expects. This trust may apply only for some specific function. The key role of trust in the authentication framework is to describe the relationship between an authenticating entity and a certification authority; an authenticating entity shall be certain that it can trust the Certification Authority to create only valid and reliable certificates.”
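To make the two points above concrete (trust in a CA extends to every certificate it issues, and the trust anchor itself is an assumption that nothing in the chain can prove), here is an added example that is not from the book or from any Windows Server 2003 component: a Python model of a CA hierarchy using a deliberately tiny toy RSA scheme and a local trust store. All CA names, key sizes and functions in it are constructed for illustration.

```python
import hashlib

# Toy RSA on fixed small primes (Mersenne primes and primes just above 10^6).
# Constructed for illustration only: the moduli are far too small to be secure
# and the hash is reduced mod n, but the trust mechanics are the real ones.
def toy_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def tbs(cert):
    """The 'to-be-signed' part: the binding of subject name, key and issuer."""
    return f"{cert['subject']}|{cert['pub']}|{cert['issuer']}".encode()

def issue(issuer_name, issuer_priv, subject, subject_pub):
    """A CA binds a subject name to a public key by signing that binding."""
    cert = {"subject": subject, "pub": subject_pub, "issuer": issuer_name, "sig": None}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def validate(chain, trust_anchors):
    """chain[0] is the end-entity certificate; each later entry issued the one
    before it. trust_anchors maps CA name -> public key. That mapping is the
    local decision the chapter calls trust: the chain cannot prove a root
    trustworthy, the relying party simply asserts it."""
    for i, cert in enumerate(chain):
        if cert["issuer"] in trust_anchors:                # reached a trusted CA
            return verify(trust_anchors[cert["issuer"]], tbs(cert), cert["sig"])
        if i + 1 == len(chain) or chain[i + 1]["subject"] != cert["issuer"]:
            return False                                   # chain does not link up
        if not verify(chain[i + 1]["pub"], tbs(cert), cert["sig"]):
            return False                                   # forged or altered certificate
    return False                                           # never reached an anchor

def demo():
    root_pub, root_priv = toy_keypair(2147483647, 524287)
    sub_pub, sub_priv = toy_keypair(1000003, 1000033)
    other_pub, other_priv = toy_keypair(1000037, 1000039)
    alice_pub, _ = toy_keypair(131071, 8191)
    sub_ca = issue("Root CA", root_priv, "Sub CA", sub_pub)
    alice = issue("Sub CA", sub_priv, "alice", alice_pub)
    alice_other = issue("Other CA", other_priv, "alice", alice_pub)  # same name, CA we never chose
    anchors = {"Root CA": root_pub}
    return (validate([alice, sub_ca], anchors),               # True: trust flows down from Root CA
            validate([alice_other], anchors),                 # False: Other CA is not in our store
            validate([alice_other], {"Other CA": other_pub})) # True only once we decide to trust it
```

The third result is the point of the X.509 definition: the same certificate is valid or invalid depending solely on which CAs the relying party has chosen to trust.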
