Exam 14: Key Management and Distribution

The __________ is the issuer of certificates and certificate revocation lists and may also support a variety of administrative functions.

__________ is an integer value unique within the issuing CA that is unambiguously associated with this certificate.

A _________ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.

A __________ consists of a public key,an identifier of the key owner,and the whole block signed by a trusted third party and can be used by participants to exchange keys without contacting a public key authority in a way that is as reliable as if the keys were obtained directly from a public key authority.

Typically the session key is used for the duration of a logical connection,such as a frame relay connection or transport connection,and then it is permanently stored.

Key distribution often involves the use of _________ which are generated and distributed for temporary use between two parties.

Several techniques have been proposed for the distribution of public keys.The proposals can be grouped into the following four general schemes: public announcement,publicly available directory,public-key certificates,and ____________.

_________ implementations make use of X.509 certificates.

__________ key encryption schemes are secure if the public key is authenticated.

A unique identifier for a transaction is a __________ and this identifier may be a timestamp,a counter or a random number,with the minimum requirement being that it differs with each request.

A _________ is defined as the set of hardware,software,people,policies,and procedures needed to create,manage,store,distribute,and revoke digital certificates based on asymmetric cryptography.

The distribution of session keys delays the start of any exchange and places a burden on network capacity.

Because certificates are forgeable they cannot be placed in a directory without the need for the directory to make special efforts to protect them.

One of the most important uses of a __________ cryptosystem is to encrypt secret keys for distribution.

__________ is the process whereby a user first makes itself known to a certification authority prior to that certification authority issuing a certificate for that user.

For link encryption manual delivery is awkward.

__________ certificates are used in most network security applications including IP security,transport layer security and S/MIME.

X.509 defines the format for private-key certificates.

Used in a variety of applications,__________ defines the format for public-key certificates.

If __________ is done at a network or IP level a key is needed for each pair of hosts on the network that wish to communicate.