Part 1: General - Computer Security Resource Center - National ...
8.1.5.1.1 Distribution of Static Public Keys
March, 2007

Static public keys are relatively long lived and are typically used for a number of executions of
an algorithm. The distribution of the public key should provide assurance to the receiver of that
key that the true owner of the key is known (i.e., the owner of the key pair); this requirement
may be disregarded if anonymity is acceptable. However, the strength of the overall architecture
and trust in the validity of the protected data depends, in large part, on the assurance of the public
key owner’s identity.

In addition, the distribution of the public key shall provide assurance to the receiver that:
1. the purpose/usage of the key is known (e.g., RSA digital signatures or elliptic curve key agreement),
2. any parameters associated with the public key are known (e.g., domain parameters),
3. the public key is valid (e.g., the public key satisfies the known arithmetical properties), and
4. the owner actually possesses the corresponding private key.
8.1.5.1.1.1 Distribution of a Trust Anchor's Public Key in a PKI

The public key of a certificate authority is the foundation for all PKI-based security services. The
trust anchor is not a secret, but the authenticity of the trust anchor is the crucial assumption for
PKI. Trust anchors may be obtained through many different mechanisms, providing different
levels of assurance. The types of mechanisms that are provided may depend on the role of the
user in the infrastructure. A user that is only a “relying party” – that is, a user that does not have
keys registered with the infrastructure – may use different mechanisms than a user that possesses
keys registered by the infrastructure. Trust anchors are frequently distributed as "self-signed"
X.509 certificates, that is, certificates that are signed with the private key corresponding to the
subject public key of the certificate.

Trust anchors are often embedded within an application and distributed with the application. For
example, the installation of a new web browser typically includes the installation or replacement
of the user’s trust anchor list. Operating systems often are shipped with "code signing" trust
anchor public keys. The user relies upon the authenticity of the software distribution mechanism
to ensure that only valid trust anchors are installed during installation or replacement. However,
in some cases other applications may install trust anchor keys in web browsers.

Trust anchors in web browsers are used for several purposes, including the validation of
S/MIME e-mail certificates and web server certificates for "secure websites" that use the
SSL/TLS protocol to authenticate the web server and provide confidentiality. Users who visit
"secure" websites that have a certificate not issued by a trust anchor CA may be given an
opportunity to accept that certificate, either for a single session, or permanently. Relying users
should be cautious about accepting certificates from unknown certification authorities so that
they do not, in effect, inadvertently add new permanent trust anchors.

Roaming users should be aware that they must trust all software on the host systems that they
use. They may have particular concerns about trust anchors used by web browsers when they use
systems in kiosks, libraries, Internet cafes, or hotels and systems provided by conference
organizers to access "secure websites." The user has no control over the trust anchors installed in
the host system, and therefore must rely upon the host systems to make sound choices of trust