
Are Certification Authorities susceptible to attack?


One can think of many attacks aimed at the Certification Authority, which must be prepared to defend against said attacks. Consider the following attack. Suppose Bob wishes to impersonate Alice. If Bob can convincingly sign messages as Alice, he can send a message to Alice’s bank saying “I wish to withdraw $10,000 from my account. Please send me the money.” To carry out this attack, Bob generates a key pair and sends the public key to a Certification Authority saying “I’m Alice. Here is my public key. Please send me a Digital ID.” If the CA is fooled and sends him such a Digital ID, he can then fool the bank, and his attack will succeed. In order to prevent such an attack the CA must verify that a digital certificate request did indeed come from its purported author, i.e., it must require sufficient evidence that it is actually Alice who is requesting the Digital ID. The CA may, for example, require Alice to appear in person and show a birth certificate. Some CAs may require very littl
