312-50V11 · Question #380
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company
The correct answer is B. Cross certification. Cross certification allows two independent CAs to mutually issue certificates to each other, establishing bidirectional trust between separate PKI hierarchies.
Question
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?
Options
- APoly key exchange
- BCross certification
- CPoly key reference
- DCross-site exchange
How the community answered
(28 responses)- A7% (2)
- B86% (24)
- C4% (1)
- D4% (1)
Why each option
Cross certification allows two independent CAs to mutually issue certificates to each other, establishing bidirectional trust between separate PKI hierarchies.
Poly key exchange is not a recognized PKI, cryptographic, or networking standard and describes no real mechanism for establishing CA trust relationships.
In cross certification, each CA issues a certificate to the other CA, creating a trust path so that entities in Company A's PKI can validate certificates issued by Company B's CA and vice versa. This mechanism enables two private PKIs to interoperate without requiring a shared common root CA, making it the standard solution when merging organizations with separate PKI infrastructures.
Poly key reference is not a defined term in any PKI or cryptography specification and has no technical meaning in the context of certificate authority trust establishment.
Cross-site exchange is not a PKI concept - the term cross-site belongs to web security (e.g., cross-site scripting, cross-site request forgery) and has no relevance to certificate authority trust models.
Concept tested: PKI cross certification for inter-organization CA trust
Source: https://csrc.nist.gov/publications/detail/sp/800-32/final
Topics
Community Discussion
No community discussion yet for this question.