ATTEMPT ALL QUESTIONS AND PLS NO PLAGIARISM. 1. There are several different type

Question

ATTEMPT ALL QUESTIONS AND PLS NO PLAGIARISM.

1. There are several different types of digital certificate.

(a) What is a code-signing certificate?

(b) What are the important fields of a code-signing certificate?

(c) Discuss the potential impact of management failures in the different phases of the lifecycle of a code-signing certificate.

2. Visit the website of a well-known commercial CA to establish:

(a) what levels of public-key certificate they issue;

(b) what credentials they require for registration for these different levels of public-key certificate;

(c) what liability they accept for these different levels of public-key certificate;

(d) how often they publish certificate revocation lists (CRLs); (e) how clients access CRLs;

(f) what advice they provide clients concerning the importance of checking CRLs.

3. The article ‘Ten risks of PKI’ by Carl Ellison and Bruce Schneier [70] was written in 2000 and is widely available.

(a) Briefly summarise the ten risks described in the article.

(b) To what extent do you think these concerns remain valid today?

Explanation / Answer

1. (a) Code signing is the process of digitally signing a software script or code to provide valid identification to the author and to confirm that the code has not been hampered or altered since it has signed. Code signing basically gives a guarantee that the software author is a trusted author and that the code is not from an unknown source.

(b) A code signing certificate should have a common name and an organisation name. The common name should be the legal name of the organisation.The organisation name and the email id is optional.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.