1 00:00:01,390 --> 00:00:06,700 Welcome to the module entitled Public Key Infrastructure, which discusses how to implement the principle
2 00:00:06,700 --> 00:00:09,190 of trust but control.
3 00:00:09,420 --> 00:00:13,530 First of all, let's think about public infrastructure from the functional perspective.
4 00:00:16,350 --> 00:00:22,420 Let's assume that we are the person on the left side of the picture above. For some reason we have to
5 00:00:22,420 --> 00:00:25,290 consult a doctor.
6 00:00:25,360 --> 00:00:30,400 The first thing we need to do before we follow this doctor's instructions and advice is consider whether
7 00:00:30,400 --> 00:00:33,020 this is actually a person whom we should trust.
8 00:00:34,590 --> 00:00:37,150 How do we verify this?
9 00:00:37,180 --> 00:00:44,000 The problem is that we don't know them personally. In business life, and in particular in the virtual
10 00:00:44,000 --> 00:00:49,010 world of the Internet, we often have to trust, sometimes in important matters,
11 00:00:49,370 --> 00:00:57,300 people whom we have never seen with our own eyes, people whom we don't know. How can we build a relationship
12 00:00:57,300 --> 00:01:00,290 of trust?
13 00:01:00,400 --> 00:01:02,830 Maybe we need to take someone at their word.
14 00:01:02,910 --> 00:01:04,330 "I'm the best.
15 00:01:04,330 --> 00:01:07,090 And in addition I have good intentions.
16 00:01:08,380 --> 00:01:11,570 If not me, then who can you trust?"
17 00:01:11,700 --> 00:01:15,600 If we're skeptical of such an approach, we may ask a person to prove it.
18 00:01:17,460 --> 00:01:19,430 What can this person do at this point?
19 00:01:20,780 --> 00:01:25,830 Maybe he can show a diploma from a reputable university.
20 00:01:25,840 --> 00:01:28,210 What questions should now appear in our mind?
21 00:01:28,510 --> 00:01:30,460 Is this a school that we can trust?
22 00:01:32,280 --> 00:01:38,490 A person who we don't know, a doctor, tries to prove to us his identity by showing us a document issued
23 00:01:38,490 --> 00:01:41,760 by some organization.
24 00:01:41,850 --> 00:01:47,040 If the document is the original and is not falsified in any way, then for this relationship of trust
25 00:01:47,040 --> 00:01:52,380 to make sense, the organization issuing the diploma must be on a list of organizations that we already
26 00:01:52,380 --> 00:01:59,730 trust. We trust that the school produces talented graduates.
27 00:01:59,810 --> 00:02:08,260 If this is the case and the given person is a graduate from this school, we trust that person. A relationship
28 00:02:08,260 --> 00:02:17,270 of trust based on certificates is built this way. Certificates confirm the identity of system users.
29 00:02:17,280 --> 00:02:23,140 However, in order to trust the certificate, we must trust the certification authority who issued it.
30 00:02:23,160 --> 00:02:24,580 This is the starting point.
31 00:02:29,290 --> 00:02:31,000 How does it work in practice?
32 00:02:31,900 --> 00:02:34,900 How do we implement the comic shown in a computer system?
33 00:02:36,450 --> 00:02:39,450 We need a few things.
34 00:02:39,530 --> 00:02:44,660 First, we need certification authorities, meaning services that will issue certificates to authorized
35 00:02:44,660 --> 00:02:46,590 users.
36 00:02:46,600 --> 00:02:51,410 We assume that the procedure for issuing certificates will be in accordance with our expectations.
37 00:02:53,330 --> 00:03:00,420 The basic error is also that we trust all certificates in the same way. Some certification authorities
38 00:03:00,420 --> 00:03:02,160 are more reliable than others.
39 00:03:05,030 --> 00:03:12,340 Secondly, we need the certificates themselves, their digital identity cards.
40 00:03:12,410 --> 00:03:18,440 This may be something like in the previous picture, a laminated diploma with the seal of a given university,
41 00:03:19,010 --> 00:03:23,790 in order to be certain that it is the school which issued it.
42 00:03:23,810 --> 00:03:32,410 However, we do not use laminated pieces of paper in computer systems; we use data in digital form. Exactly
43 00:03:32,410 --> 00:03:39,500 the same principle applies to a digital certificate. A digital certificate will be evidence of somebody's
44 00:03:39,520 --> 00:03:40,310 identity,
45 00:03:41,170 --> 00:03:48,210 issued by someone else and signed by them. This someone will be the certification authority. The use of
46 00:03:48,210 --> 00:03:51,760 certificates is strictly defined.
47 00:03:51,970 --> 00:03:57,370 If we visited a doctor and he showed us a diploma from a technical university, it wouldn't necessarily
48 00:03:57,370 --> 00:04:03,030 arouse our confidence regarding his competence in the field of medicine.
49 00:04:03,270 --> 00:04:05,070 We would know that he actually is,
50 00:04:05,100 --> 00:04:06,910 for example, John Smith,
51 00:04:07,170 --> 00:04:09,420 and that he is a great electronic engineer.
52 00:04:09,780 --> 00:04:13,850 But this doesn't translate into his capacity to perform open heart surgery.
53 00:04:15,900 --> 00:04:22,730 The same is true with certificates. A certificate has a specific purpose, and its purpose is clearly defined
54 00:04:22,730 --> 00:04:24,520 and recorded in the certificate.
55 00:04:26,710 --> 00:04:33,680 In practice, to issue certificates, the certification authority must have some sort of template. On the
56 00:04:33,680 --> 00:04:35,050 basis of the template,
57 00:04:35,360 --> 00:04:38,910 it will issue the certificates. Somehow
58 00:04:38,930 --> 00:04:40,550 we need to receive the certificate;
59 00:04:43,930 --> 00:04:47,100 we need to have a certificate distribution point.
60 00:04:47,410 --> 00:04:54,850 We need to know where to go to get the certificate, all the more in computer systems, because very often
61 00:04:54,850 --> 00:05:01,080 we will request such certificates automatically. In one of the past modules,
62 00:05:01,220 --> 00:05:05,530 we had the opportunity to discuss the topic of encrypted file systems,
63 00:05:05,660 --> 00:05:16,350 EFS. There also we use a certificate; an application or a request to issue a certificate was sent automatically.
64 00:05:16,480 --> 00:05:23,360 Let's return to the earlier analogy of the patient and the doctor. Even if the doctor had a certificate
65 00:05:23,360 --> 00:05:27,610 from a medical university and we trusted the school, we should still check
66 00:05:27,620 --> 00:05:28,620 one more thing.
67 00:05:31,170 --> 00:05:36,330 We should check whether or not this certificate is still valid, whether or not for some reason that person
68 00:05:36,330 --> 00:05:42,790 has not lost his competence, for example whether or not the university revoked the certificate.
69 00:05:44,840 --> 00:05:49,150 In the case of a university diploma this rarely happens.
70 00:05:49,240 --> 00:05:54,020 But in the computing environment certificate revocation is not so rare.
71 00:05:56,660 --> 00:06:01,610 We should still have some tools to manage the entire infrastructure in an effective and efficient manner,
72 00:06:03,050 --> 00:06:05,200 meaning all the points which will be talked about.