Why does a PKI need a means to cancel or invalidate certificates? Why is it not sufficient for the PKI to stop distributing a certificate after it becomes invalid?
What will be an ideal response?
Certificates can be forged or can have the private keys used to create them compromised. When such an event is discovered, any questionable certificates are added to certificate revocation lists; it is the duty of the system that checks a certificate for validity (e.g., the web browser) to also check the certificate revocation lists for that certificate. Certificates can have long lifespans (sometimes years) so, without the possibility of revocation, a compromised certificate could cause problems for a very long time.