Export (0) Print
Expand All

5 Security Considerations

Any cryptographic protocol has security considerations dealing with key handling during cryptographic operations and key distribution. A public-key certificate, although it is not by itself a protocol, has most of the same security considerations that a cryptographic protocol has—in the sense that a public key certificate is a "message" from the CA to the relying parties (RPs). This "message" is addressed, in effect, to "to whom it may concern". A cryptographic protocol that deals with the transmission, issuance, or other use of a public key certificate therefore has security considerations in two areas: around the protocol itself and around the certificate and its use.

In addition, a certificate binds two or more pieces of information together. In the most common case, that would be a public key and a name. The name in such a certificate has security relevance, and there are security considerations around the use and provisioning of those names. In some certificate forms, there are attributes bound to either a name or a key, and there are security considerations around the use and provisioning of those attributes.

 
Show:
© 2014 Microsoft