, , , .
, . , . , (. man in the middle).
, . , , , . , , . .
, . , ( - ).
. (. Public Key Infrastructure, . PKI).
, CA_1 CA_2 CA_3, , , .
. , X.509. , . 2.12 [11]
, ( 1 0 . .). X.509 (ID , ID ) . , .
, .
, . .
- , . Relative Distinguished Name - RDN( , - ).. CN (. Common Name) ; OU (. Organization Unit) ; DC (. Domain Component)
CN = Microsoft Root Authority,
OU = Microsoft Corporation,
OU = Copyright (c) 1997 Microsoft Corp.
2.12 - X.509 v.3
, RDN. :
CN = Microsoft Windows Hardware Compatibility, OU = Microsoft Corporation,
OU = Microsoft Windows Hardware Compatibility Intermediate CA, OU = Copyright (c) 1997 Microsoft Corp.
, ( . .). .
, , , .
ID ID ( CA ).
, , , . .
() , . .
- .
:
- / (), ;
- (), ;
, , , , . .;
, (, , , );
;
, ;
;
,
.
, , , web-, ftp-, . , A B ( B ), [8]:
1) CB
() B;
2) CB (. );
3) ( ) , CB.
CB :
1) CB, , ;
2) CB , , D;
3) D = B, , , D=ROOT (, , ROOT, );
4) D B, CD D, CD;
5) - CB, CD
KD;
6) KD CB, CB.
(- , . .), - (. Certificate Revocation List, . CRL). CRL 2.13. .
CRL. .
, CRL. .
RDN. CRL.
, CRL. ,
CRL , . .
2.13 -
, , , , .
, .
.
CRL , , , CRL , . . . , CRL .
PKI . . .
PKI, . :
- , - , , ;
- , .
, . , S/MIME PGP, SSL . .