|
|
2.2.1 S/MIME
2.2.2 PGP
2.4 Directory – Recognition not administration
2.4.1 SSL/TLS
4.4 Standards and Protocols
4.5 Key Management/Certificate Lifecycle
4.5.1 Centralized vs. Decentralized
4.5.2 Storage
4.5.2.1 Hardware vs. Software
4.5.2.2 Private Key Protection
4.5.3 Escrow
4.5.4 Expiration
4.5.5 Revocation
4.5.5.1 Status Checking
4.5.6 Suspension
4.5.6.1 Status Checking
4.5.7 Recovery
4.5.7.1 M of N Control
4.5.8 Renewal
4.5.9 Destruction
4.5.10 Key Usage
4.5.10.1 Multiple Key Pairs (Single, Dual)
A number of encryption standards are available to use. However, your choices may be limited by your working environment, the technologies you have available, and by any contractual agreements you have made. Many encryption standards were developed to address a specific need or application. This chapter addresses the more common standards and methods that are used to manage the systems used in the security implementation process.
In order to implement a secure environment, you need to have a broad understanding of the capabilities of the technology you are using. To do so, you should conduct a comprehensive evaluation of the management processes you will need in order to implement a supportable system in your environment.
This chapter discusses the origins of common standards and protocols. It builds on the last chapter's discussion of cryptography. It also discusses key management and the key life cycle.
|
|