Cryptography Reference
public-key management alternatives to public-key certificates, it also represents
a cryptographic primitive that is likely to be used more often in future
applications.
11.5 Summary
In this chapter we have looked at particular key management issues that relate to the
management of key pairs for use in public-key cryptography. We have focussed on
the most common technique of using public-key certificates to provide assurance of
purpose of public keys, and have discussed management of the various phases of
the public-key certificate lifecycle.
The development of the Internet and World Wide Web triggered a significant
interest in deploying public-key cryptography in the 1990s, since many
applications (such as web-based commerce) require security technologies that
work in open environments. However, every deployment of public-key cryptography
requires the associated key pairs to be properly managed. Many security
architects and developers discovered that the related key management issues
that we have discussed in this chapter are more difficult to address than
they first appear. In particular, while it is relatively easy to design management
solutions on paper (for example, CRLs for the problem of key revocation),
these solutions become very difficult to implement in the form of working
procedures.
Public-key cryptography subsequently suffered a rather 'mixed press', perhaps
due to over-hyped expectations and subsequent frustrations at the implementation
challenges and costs. It is important to recognise that:
• the main difficulties associated with implementing public-key cryptography all
arise due to key management issues and not the cryptographic technology
itself;
• the key management challenges associated with implementing public-key
cryptography are largely down to the nature of the environments in which it
is implemented.
This latter remark is important. We have argued in this chapter that it is fairly
straightforward to manage public keys in closed environments. However, these
are precisely the environments in which fully symmetric key management systems
can be implemented, and are hence normally preferred. Thus it could be argued
that the only reason that public-key management is perceived to be difficult is
because public-key cryptography tends to be implemented in challenging (open)
environments where it is not possible to use symmetric cryptography to provide the
necessary security services.
 