
5.2.1.8 What are the advantages (and disadvantages) of using public key technology in DAIS Security?

 
Linda Gricius (March, 1998):

Public key users have an inherently stronger binary key with which to authenticate. The key is not memorable, and was not selected by the user in any case. Because of their strength, public keys need be changed less frequently - and the certificate that holds the public key contains a built-in lifetime to enforce its replacement after a chosen period. The involvement of trusted "officers" in the creation and maintenance of public keys is also inherently more secure, requiring the collaboration of more people if they wanted to abuse the system.

Users that form associations with their public key do not require the services of a Key Distribution Service, even during inter-domain association, which is more efficient at runtime.

Public key users also have an advantage in being able to use the same key to authenticate to many principal domains (if they are configured as members of those domains). Their keys are trusted on the basis of a Certification Authority (CA), the scope of which may span many principal domains. So having authenticated once to the CA system in order to get a public/private key pair, the key may be used to authenticate the user wherever that CA is trusted (until the key expires).

Since public key certificates may be freely distributed and certified at the point of use, there is also a fundamental scalability advantage to systems that use public keys.

