Activity 5-2
What is key escrow?
Archiving a key with a third party.
What mechanism informs clients about suspended or revoked keys?
Either a published certificate revocation list (CRL) or an Online Certificate Status Protocol (OCSP) responder.
What mechanism does HPKP implement?
HTTP Public Key Pinning (HPKP) ensures that when a client inspects the certificate presented by a server or a code-signed application, it is inspecting the proper certificate. This is done by submitting one or more public keys to an HTTP browser via an HTTP header.
What are the potential consequences if a company loses a private key used in encrypted communications?
It puts both data confidentiality and identification and authentication systems at risk. Depending on the key usage, the key may be used to decrypt data with authorization. The key could also be used to impersonate a user or computer account.
What is the main weakness of a hierarchical trust model?
The structure depends on the integrity of the root CA.
What trust model enables users to sign one another's certificates, rather than using CAs?
The web of trust model. You might also just refer to this as PGP encryption.
What is an HSM?
A hardware security module (HSM) is any type of system for performing cryptographic operations and storing key material securely. An HSM is usually provisioned as a network-connected appliance, but it could also be a portable device connected to a PC management station or a plugin card for a server.