nerdexam
EC-Council

312-50V10 · Question #380

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company

The correct answer is B. Cross certification. When two organizations with separate PKI hierarchies need to mutually recognize each other's certificates, their Certificate Authorities establish cross-certification.

Cryptography

Question

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

Options

  • APoly key exchange
  • BCross certification
  • CPoly key reference
  • DCross-site exchange

How the community answered

(18 responses)
  • A
    11% (2)
  • B
    78% (14)
  • C
    6% (1)
  • D
    6% (1)

Why each option

When two organizations with separate PKI hierarchies need to mutually recognize each other's certificates, their Certificate Authorities establish cross-certification.

APoly key exchange

'Poly key exchange' is not a recognized PKI standard or protocol and does not describe any real mechanism for establishing inter-CA trust.

BCross certificationCorrect

Cross-certification is a PKI mechanism where each CA signs the other CA's certificate, creating a bidirectional trust relationship that allows each organization's infrastructure to validate certificates issued by the other. This enables separate PKI hierarchies to interoperate without requiring consolidation into a single hierarchy.

CPoly key reference

'Poly key reference' is not a recognized PKI term and does not correspond to any defined process for establishing trust between Certificate Authorities.

DCross-site exchange

'Cross-site exchange' conflates web security terminology with PKI trust establishment and is not a defined mechanism for CA interoperability.

Concept tested: PKI cross-certification between separate CA hierarchies

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-32.pdf

Topics

#PKI#cross certification#certificate authority trust#multi-organization PKI

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice