CISSP · Question #387
Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?
The correct answer is A. They maintain the certificate revocation list.. Certificate Authorities (CAs) add value to e-commerce security primarily by maintaining the Certificate Revocation List (CRL), which allows relying parties to verify that a certificate has not been revoked before trusting it.
Question
Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?
Options
- AThey maintain the certificate revocation list.
- BThey maintain the private keys of transition parties.
- CThey verify the transaction parties' private keys.
- DThey provide a secure communication enamel to the transaction parties.
How the community answered
(33 responses)- A94% (31)
- B3% (1)
- D3% (1)
Why each option
Certificate Authorities (CAs) add value to e-commerce security primarily by maintaining the Certificate Revocation List (CRL), which allows relying parties to verify that a certificate has not been revoked before trusting it.
CAs maintain the Certificate Revocation List (CRL), which is a published list of digital certificates that have been revoked before their expiration date due to compromise, mis-issuance, or other reasons. This list is critical to e-commerce security because it allows browsers, servers, and other relying parties to check whether a certificate presented during a transaction is still valid and trustworthy, preventing the use of compromised credentials.
CAs never maintain or store the private keys of transaction parties; private keys are generated by the entity themselves and must remain secret and under the sole control of the key owner to preserve the integrity of asymmetric cryptography.
CAs verify the identity of certificate applicants and sign their public keys, not their private keys; verifying a private key would be a security violation since private keys must never be disclosed to any third party.
CAs do not provide a secure communication channel to transaction parties; secure channels are established through protocols such as TLS/SSL, which use the certificates issued by CAs but are separate from the CA's own functions.
Concept tested: Role of Certificate Authorities in PKI security
Source: https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/active-directory-certificate-services-overview
Topics
Community Discussion
No community discussion yet for this question.