资源描述:
《the concept of trust in network security》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、Entrust¨WhitePaperTheConceptofTrustinNetworkSecurityDate:August2000Version:1.2EntrustisaregisteredtrademarkofEntrust,Inc.intheUnitedStatesandcertainothercountries.EntrustisaregisteredtrademarkofEntrustLimitedinCanada.AllotherEntrustproductnamesandservicenamesaretrademarks
2、orregisteredtrademarksofEntrust,IncorEntrustLimited.Allothercompanyandproductnamesaretrademarksorregisteredtrademarksoftheirrespectiveowners.©Copyright2000-2003Entrust.Allrightsreserved.2IntroductionEverysecuritysystemdependsontrust,inoneformoranother,amongusersofthesyste
3、m.Ingeneral,differentformsoftrustexisttoaddressdifferenttypesofproblemsandmitigateriskincertainconditions.Whichformoftrusttoapplyinagivencircumstanceisgenerallydictatedbycorporatepolicy.InanetworksecuritysolutionsuchasEntrust,therearetwoimportantformsoftrustthatcustomerss
4、houldunderstand:third-partytrustanddirect(personal)trust.Thepurposeofthispaperistointroducetheseconceptsandprovideadditionalinformationsothatcustomersunderstandwhichformoftrustshouldbeappliedinagivensituation.Tofullyexplainthird-partyanddirecttrust,thepaperalsointroducest
5、hefollowingconcepts:CertificationAuthorities,CertificationAuthoritydomains,certificates,andcross-certification.Thispaperassumesthereaderhasabasicunderstandingofpublic-keycryptography.2.Third-PartyTrustThird-partytrustreferstoasituationinwhichtwoindividualsimplicitlytruste
6、achothereventhoughtheyhavenotpreviouslyestablishedapersonalrelationship.Inthissituation,twoindividualsimplicitlytrusteachotherbecausetheyeachsharearelationshipwithacommonthirdparty,andthatthirdpartyvouchesforthetrustworthinessofthetwopeople.Third-partytrustisafundamentalr
7、equirementforanylarge-scaleimplementationofanetworksecurityproductbasedonpublic-keycryptography.Public-keycryptographyrequiresaccesstousers'publickeys.Inalarge-scalenetwork,however,itisimpracticalandunrealistictoexpecteachusertohavepreviouslyestablishedrelationshipswithal
8、lotherusers.Inaddition,becauseusers'publickeysmustbewidelyavailable,theassociationbetweenapublic
