CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney

for e-mail encryption. PGP uses both symmetrical and asymmetrical encryption.

The U.S. government prosecuted Zimmermann for three years because he released PGP, claiming that he had violated U.S. laws prohibiting the export of sensitive technology and that the encryption method supported terrorism and oppression instead of reducing them. The case was finally dropped, and PGP has continued to grow in popularity worldwide.

RSA

RSA provides cryptographic systems to both private businesses and the government. The name RSA comes from the initials of its three founders (Rivest, Shamir, and Adleman). RSA has been very involved in developing the Public-Key Cryptography Standards (PKCS), and it maintains the list of PKCS standards.

Public-Key Infrastructure X.509/Public-Key Cryptography Standards

The Public-Key Infrastructure X.509 (PKIX) is the working group formed by the IETF to develop standards and models for the PKI environment. The PKIX working group is responsible for the X.509 standard, which is discussed in the next section.

The Public-Key Cryptography Standards (PKCS) is a set of voluntary standards created by RSA and security leaders. Early members of this group included Apple, Microsoft, DEC (now HP), Lotus, Sun, and MIT.

Currently, there are 15 published PKCS standards:

■ PKCS #1: RSA Cryptography Standard

■ PKCS #2: Incorporated in PKCS #1

■ PKCS #3: Diffie-Hellman Key Agreement Standard

■ PKCS #4: Incorporated in PKCS #1

■ PKCS #5: Password-Based Cryptography Standard

■ PKCS #6: Extended-Certificate Syntax Standard

■ PKCS #7: Cryptographic Message Syntax Standard

■ PKCS #8: Private-Key Information Syntax Standard

■ PKCS #9: Selected Attribute Types

■ PKCS #10: Certification Request Syntax Standard

■ PKCS #11: Cryptographic Token Interface Standard

■ PKCS #12: Personal Information Exchange Syntax Standard

■ PKCS #13: Elliptic Curve Cryptography Standard

■ PKCS #14: Pseudorandom Number Generators

■ PKCS #15: Cryptographic Token Information Format Standard

These standards are coordinated through RSA; however, experts worldwide are welcome to participate in the development process.
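One of the standards in the list above, PKCS #5 (password-based cryptography), is something a practitioner meets directly whenever a password has to be turned into a key or stored for later verification. The script below is an added example, not code from the study guide: it uses the standard library's PBKDF2-HMAC implementation (the PKCS #5 v2.0 key derivation function), stores the salt and iteration count alongside the derived key in a record format constructed for this example, and verifies a candidate password with a constant-time comparison.

```python
"""PKCS #5 v2.0 password-based key derivation (PBKDF2) using only the standard library.
Added example, not from the study guide; the password, salt and record format are constructed."""
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000      # work factor for PBKDF2-HMAC-SHA256; raise it as hardware gets faster
DK_LEN = 32               # derived key length in bytes

def derive_key(password, salt, iterations=ITERATIONS, dklen=DK_LEN):
    """PBKDF2-HMAC-SHA256 as specified in PKCS #5 v2.0 (RFC 8018)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen)

def make_verifier(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2-sha256$iterations$salt$key' suitable for storage.
    A fresh random salt per password means equal passwords yield different records."""
    salt = os.urandom(16) if salt is None else salt
    key = derive_key(password, salt, iterations)
    return "$".join(["pbkdf2-sha256", str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(key).decode()])

def verify_password(record, candidate):
    """Re-derive the key with the stored parameters and compare in constant time."""
    scheme, iterations, salt_b64, key_b64 = record.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(key_b64)
    actual = derive_key(candidate, salt, int(iterations), len(expected))
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    record = make_verifier("correct horse battery staple")       # constructed demo password
    print(record)
    print(verify_password(record, "correct horse battery staple"), verify_password(record, "wrong"))
```

Storing the scheme name and iteration count in the record is what lets the work factor be raised later without invalidating existing records; `hmac.compare_digest` avoids leaking, through timing, how many leading bytes of a wrong guess matched.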

X.509

The X.509 standard defines the format and fields of public-key certificates. It also defines the procedures that should be used to distribute public keys. X.509 version 2 is still the primary format used for Certificate Revocation Lists (CRLs). The current version of X.509 certificates is version 3, and it comes in two basic types:

■ The most common is the end-entity certificate, which is issued by a certificate authority (CA) to an end entity. An end entity is a system that doesn’t issue certificates but merely uses them.

■ The CA certificate is issued by one CA to another CA. The second CA can, in turn, issue certificates to an end entity.

For the exam, remember X.509 v2 for CRLs and v3 for certificates.

All X.509 certificates have the following:

■ Signature, which is the primary purpose of the certificate

■ Version

■ Serial number

■ Signature algorithm ID

■ Issuer name

■ Validity period

■ Subject name

■ Subject public key information

■ Issuer unique identifier (relevant for versions 2 and 3 only)

■ Subject unique identifier (relevant for versions 2 and 3 only)

■ Extensions (in version 3 only)
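The field list above is exactly the order in which the fields appear in a DER-encoded certificate, which makes it possible to see them with a small parser. The script below is an added example, not code from the study guide: it contains a minimal DER encoder used only to construct sample certificates (a root CA certificate, the end-entity certificate it issued, and a v1 certificate; the key and signature bytes are placeholders, not real credentials), and a decoder that walks the certificate and labels each field. It also shows two details the list glosses over: the version field is absent in v1 and holds the integer 2 for v3, and the CA-versus-end-entity distinction lives in the v3 basicConstraints extension. The OID table, names and record layout are this example's own assumptions.

```python
"""Walk the DER encoding of an X.509 certificate and label its TBSCertificate fields.
Added example, not from the study guide: the certificates are built inline by a small
DER encoder with placeholder key and signature bytes, so none of this is a real credential."""

def tlv(tag, content):
    """Encode one DER element: tag, definite length, content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def seq(*items): return tlv(0x30, b"".join(items))
def setof(*items): return tlv(0x31, b"".join(items))
def integer(n): return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))
def printable(s): return tlv(0x13, s.encode("ascii"))
def utctime(s): return tlv(0x17, s.encode("ascii"))
def boolean(b): return tlv(0x01, b"\xff" if b else b"\x00")
def bitstring(b): return tlv(0x03, b"\x00" + b)           # first byte: number of unused bits
def explicit(num, inner): return tlv(0xA0 | num, inner)   # context-specific [num] EXPLICIT

OIDS = {  # DER contents of the few object identifiers this example needs
    "sha256WithRSAEncryption": bytes.fromhex("2a864886f70d01010b"),
    "rsaEncryption": bytes.fromhex("2a864886f70d010101"),
    "basicConstraints": bytes.fromhex("551d13"),
    "C": bytes.fromhex("550406"), "O": bytes.fromhex("55040a"), "CN": bytes.fromhex("550403"),
}
OID_NAMES = {v: k for k, v in OIDS.items()}
def oid(label): return tlv(0x06, OIDS[label])
def oid_name(content): return OID_NAMES.get(bytes(content), content.hex())

def name(pairs):
    """Name ::= SEQUENCE OF RelativeDistinguishedName, each a SET OF AttributeTypeAndValue."""
    return seq(*[setof(seq(oid(k), printable(v))) for k, v in pairs])

def make_cert(version, serial, issuer, subject, extensions=()):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    fields = [explicit(0, integer(version - 1))] if version > 1 else []  # v3 is INTEGER 2; v1 omits it
    fields += [
        integer(serial),
        seq(oid("sha256WithRSAEncryption"), tlv(0x05, b"")),         # signature AlgorithmIdentifier
        name(issuer),
        seq(utctime("240101000000Z"), utctime("250101000000Z")),    # validity: notBefore, notAfter
        name(subject),
        seq(seq(oid("rsaEncryption"), tlv(0x05, b"")),               # subjectPublicKeyInfo carrying
            bitstring(seq(integer(0xC5), integer(65537)))),          # a toy RSAPublicKey, not a real key
    ] + ([explicit(3, seq(*extensions))] if extensions else [])     # [3] EXPLICIT Extensions (v3)
    sig_alg = seq(oid("sha256WithRSAEncryption"), tlv(0x05, b""))
    return seq(seq(*fields), sig_alg, bitstring(b"\x00" * 8))        # signatureValue is a placeholder

def read_tlv(buf, i=0):
    """Decode the element at buf[i]; return (tag, content, index after the element)."""
    tag, first = buf[i], buf[i + 1]
    if first < 0x80:
        return tag, buf[i + 2:i + 2 + first], i + 2 + first
    n = first & 0x7F
    length, j = int.from_bytes(buf[i + 2:i + 2 + n], "big"), i + 2 + n
    return tag, buf[j:j + length], j + length

def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    out, i = [], 0
    while i < len(content):
        tag, val, i = read_tlv(content, i)
        out.append((tag, val))
    return out

def decode_name(content):
    return ", ".join(f"{oid_name(t)}={v.decode()}" for _, rdn in children(content)
                     for _, atv in children(rdn) for (_, t), (_, v) in [children(atv)])

def parse_certificate(der):
    """Map the DER elements onto the field list from the study guide."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    (_, tbs), (_, outer_alg), _ = children(body)
    fields = children(tbs)
    info = {"version": 1, "extensions": {}}                          # no [0] field means v1
    if fields[0][0] == 0xA0:                                         # [0] EXPLICIT Version
        info["version"] = children(fields[0][1])[0][1][0] + 1        # INTEGER 2 means v3
        fields = fields[1:]
    serial, sig_alg, issuer, validity, subject, spki = fields[:6]
    info["serial"] = int.from_bytes(serial[1], "big", signed=True)
    info["signature_algorithm"] = oid_name(children(sig_alg[1])[0][1])
    info["issuer"], info["subject"] = decode_name(issuer[1]), decode_name(subject[1])
    info["validity"] = tuple(v.decode() for _, v in children(validity[1]))
    info["public_key_algorithm"] = oid_name(children(children(spki[1])[0][1])[0][1])
    for tag, val in fields[6:]:                                      # optional v2/v3 fields
        if tag in (0x81, 0x82):                                      # [1]/[2] IMPLICIT unique identifiers
            info["issuer_unique_id" if tag == 0x81 else "subject_unique_id"] = val
        elif tag == 0xA3:                                            # [3] EXPLICIT SEQUENCE OF Extension
            for _, ext in children(children(val)[0][1]):
                parts = children(ext)                                # extnID, optional critical, extnValue
                info["extensions"][oid_name(parts[0][1])] = parts[-1][1]
    # RFC 5280 requires the outer signatureAlgorithm to repeat the one inside the TBS.
    info["algorithms_consistent"] = oid_name(children(outer_alg)[0][1]) == info["signature_algorithm"]
    bc = info["extensions"].get("basicConstraints")
    flags = children(children(bc)[0][1]) if bc is not None else []  # BasicConstraints { cA BOOLEAN DEFAULT FALSE }
    info["is_ca"] = bool(flags) and flags[0] == (0x01, b"\xff")
    return info

# Constructed sample chain: a root CA certificate and the end-entity certificate it issued.
CA_NAME = [("C", "US"), ("O", "Example Org"), ("CN", "Example Root CA")]
EE_NAME = [("C", "US"), ("O", "Example Org"), ("CN", "www.example.com")]
CA_CERT = make_cert(3, 0x1001, CA_NAME, CA_NAME, [seq(oid("basicConstraints"), boolean(True), tlv(0x04, seq(boolean(True))))])
EE_CERT = make_cert(3, 0x1002, CA_NAME, EE_NAME, [seq(oid("basicConstraints"), tlv(0x04, seq()))])
```

Running `parse_certificate(CA_CERT)` and `parse_certificate(EE_CERT)` returns dictionaries whose keys follow the field list above; the end-entity certificate's issuer equals the CA certificate's subject, and only the CA certificate reports `is_ca`. The same decoder runs on any DER certificate, with unknown OIDs reported as hex, but the signature is deliberately not checked here: that needs the issuer's public key and a real signature.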

SSL and TLS

Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. The protocol establishes a session by means of a handshake. The number of handshake steps depends on whether steps are combined and whether mutual authentication is included; it is always between four and nine, inclusive, depending on who is documenting it.

Netscape originally developed the SSL method, which has gained wide acceptance throughout the industry. SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption.

You can find details on how the SSL process works at http://support.microsoft.com:80/support/kb/articles/Q257/5/91.ASP

