Risking “trust” in a public key infrastructure: old techniques of managing risk applied to new technology

Authors:

Abstract

Installing a public key infrastructure (PKI) can change the security model of an IT operation in several ways. This article gives a layman's overview of what exactly a PKI is, and how one can be built and operated safely and securely. First, the PKI must be designed using the familiar principles of risk management, rather than “trust management”. Next, although it is not widely appreciated, digital signatures are not equivalent to traditional signatures, and understanding this difference is crucial to understanding how a PKI needs to be audited. Lastly, I will show that for a PKI to provide ongoing security, the principles of compromise–containment and regular auditing must be adhered to.

Keywords: Digital signature, Public key, PKI, Risk management, Digital certificate, Certification authority, Trusted third party, Cryptography, Certification practice statement

Review process: Available online 20 June 2001.

Official paper URL: https://doi.org/10.1016/S0167-9236(00)00139-1