The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Which of the following components does the PKI use to list those certificates that have been revoked or are no longer valid?
A. Certification Practice Statement
B. Certificate Policy
C. Certificate Revocation List
D. Certification Authority
Explanation:
In a public key infrastructure (PKI) environment, a certificate revocation list (CRL) is a list of certificates that have been revoked or are no longer valid, and therefore should not be relied upon. A CRL is generated and published periodically, after a defined timeframe. A CRL can also be published immediately after a certificate has been revoked. The CRL is always issued by the CA which issues the corresponding certificates.
All CRLs have a lifetime during which they are valid; this timeframe is often 24 hours or less. During a CRL's validity period, it may be consulted by a PKI-enabled application to verify a certificate prior to use.
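The following is an added example, not part of the original question or its explanation. It models the CRL check a PKI-enabled application performs: the CRL's validity window (thisUpdate/nextUpdate), the list of revoked serial numbers, and a fail-closed result when the CRL cannot be relied upon. The data structures, the constructed sample CRL, and the `check_revocation` function are assumptions made for illustration; a real implementation would parse a DER-encoded X.509 CRL and verify the issuing CA's signature over it before trusting its contents, which this model omits.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class RevocationStatus(Enum):
    GOOD = "good"                    # serial not listed in a current CRL
    REVOKED = "revoked"              # serial listed in a current CRL
    UNDETERMINED = "undetermined"    # CRL unusable; treat as not verified


@dataclass(frozen=True)
class RevokedEntry:
    serial: int
    revocation_date: datetime
    reason: str = "unspecified"


@dataclass
class Crl:
    """Simplified model of an X.509 CRL (constructed for this example)."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial -> RevokedEntry

    def is_current(self, now: datetime) -> bool:
        # A CRL may only be consulted during its validity period.
        return self.this_update <= now <= self.next_update


def publish_crl(issuer: str, issued_at: datetime, lifetime: timedelta,
                entries: list) -> Crl:
    """Build a CRL valid for `lifetime` from `issued_at` (often 24 h or less)."""
    return Crl(issuer=issuer,
               this_update=issued_at,
               next_update=issued_at + lifetime,
               revoked={e.serial: e for e in entries})


def check_revocation(cert_issuer: str, cert_serial: int, crl: Crl,
                     now: datetime):
    """Return (status, detail) for a certificate checked against a CRL.

    Fails closed: a CRL from another issuer or outside its validity
    window yields UNDETERMINED rather than GOOD.
    """
    if crl.issuer != cert_issuer:
        return RevocationStatus.UNDETERMINED, "CRL issuer does not match certificate issuer"
    if not crl.is_current(now):
        return RevocationStatus.UNDETERMINED, "CRL is outside its validity period"
    entry = crl.revoked.get(cert_serial)
    if entry is None:
        return RevocationStatus.GOOD, "serial not listed in current CRL"
    return RevocationStatus.REVOKED, (
        f"revoked {entry.revocation_date.isoformat()} ({entry.reason})")


# Constructed sample data: a CA, one revoked serial, and a 24-hour CRL.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_CA = "CN=Example Issuing CA"   # hypothetical issuer name
SAMPLE_CRL = publish_crl(
    SAMPLE_CA,
    issued_at=NOW - timedelta(hours=1),
    lifetime=timedelta(hours=24),
    entries=[RevokedEntry(serial=1001,
                          revocation_date=NOW - timedelta(hours=2),
                          reason="keyCompromise")],
)

if __name__ == "__main__":
    for serial in (1001, 1002):
        print(serial, check_revocation(SAMPLE_CA, serial, SAMPLE_CRL, NOW))
    # Two days later the CRL has expired and must not be relied upon.
    print("stale:", check_revocation(SAMPLE_CA, 1002, SAMPLE_CRL,
                                     NOW + timedelta(days=2)))
```

The stale-CRL branch is the caveat worth keeping in mind: an application that treats "not found in an expired CRL" as GOOD silently loses revocation protection once CRL downloads start failing, so the check returns UNDETERMINED and lets policy decide whether to refuse the certificate.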
Answer option A is incorrect. A Certification Practice Statement (CPS) is a policy document, defined by the American Bar Association. The CPS is associated with a certification authority (CA). It defines the measures that are used to secure CA operations and management of the certificates issued by the CA. The CPS can be considered an agreement between the organization managing the CA and the people relying on the certificates issued by the CA.
Answer option B is incorrect. A Certificate Policy (CP) is a policy statement defined in the X.509 standard. The CP is associated with a certificate. It defines the measures that are used to validate a certificate's subject prior to certificate issuance and the CA's responsibilities regarding those certificates. The CP is also considered the certificate-issuance policy, which can determine whether the presented certificate will be trusted or not.
Answer option D is incorrect. A certification authority (CA) or certificate authority is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. A CA issues digital certificates that contain a public key and the identity of the owner. The matching private key is not similarly made available publicly, but is kept secret by the end user who generated the key pair. The certificate is also an attestation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. A variety of standards and tests are used by CAs to do so.
If the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to the person identified in the certificate.