In the section "HTTPS,"
you saw this concept applied to websites, showing how the
infrastructure can be used for supporting server authentication.
Because certificates and asymmetric cryptography in general
work so well for handling data exchange and identity of services,
it is reasonable to expect that those good properties may
apply to end users, too. A CA can issue a certificate for an end
user, assigning a suitable value to the subject field. All the end
user has to do is show off his knowledge of the corresponding
private key, and everybody who trusts the CA will have all the
evidence needed for believing in the identity of the user. Sounds
straightforward, and in terms of the principle it is. The idea has
been successfully applied in a number of technologies and contexts
in which passwords are deemed sorely inefficient, and the
field is in constant evolution. However, there are a number of
attention points that must be addressed when using certificates
assigned to end users. Although the majority of situations in
which this technology is applied are suitable for addressing
those issues, this is not necessarily the case on the scale of the
Internet.
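
The mechanism described above, as an added example that is not from the original text: a test CA issues a certificate to an end user, who then proves knowledge of the private key by signing a fresh challenge from the verifier. The challenge-response form, the RSA keys, and all names and files (Example Test CA, alice@example.test) are assumptions constructed for illustration; the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example; the CA name, user name and all files are constructed.
W=$(mktemp -d) && trap 'rm -rf "$W"' EXIT

setup_pki() {
  # CA: self-signed root certificate that relying parties choose to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null &&
  # End user: key pair and a request carrying the user's name in the subject.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=alice@example.test" \
    -keyout "$W/user.key" -out "$W/user.csr" 2>/dev/null &&
  # CA signs the request, binding that subject to the user's public key.
  openssl x509 -req -in "$W/user.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
    -CAcreateserial -days 1 -out "$W/user.pem" 2>/dev/null
}

# User side: sign the verifier's challenge ($1) with the private key -> $2.
user_sign() { openssl dgst -sha256 -sign "$W/user.key" -out "$2" "$1"; }

# Verifier side: $1 = challenge it issued, $2 = signature returned by the user.
# Prints the authenticated subject on success, returns non-zero otherwise.
verify_user() {
  # 1. The certificate must chain to the trusted CA.
  openssl verify -CAfile "$W/ca.pem" "$W/user.pem" >/dev/null 2>&1 || return 1
  # 2. The signature must verify under the public key inside the certificate.
  openssl x509 -in "$W/user.pem" -noout -pubkey > "$W/user.pub" || return 1
  openssl dgst -sha256 -verify "$W/user.pub" -signature "$2" "$1" \
    >/dev/null 2>&1 || return 1
  openssl x509 -in "$W/user.pem" -noout -subject -nameopt RFC2253
}

setup_pki || exit 1
openssl rand -hex 32 > "$W/nonce1"        # fresh, unpredictable challenge
user_sign "$W/nonce1" "$W/sig1"
verify_user "$W/nonce1" "$W/sig1"         # prints the certificate subject
openssl rand -hex 32 > "$W/nonce2"        # a later session gets a new challenge
verify_user "$W/nonce2" "$W/sig1" || echo "old signature rejected for new challenge"
```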