TML / Studies / T-110.402 / Homeworks
2002: Homework 1
The deadline is Tuesday 29.10 2002 at 15:45.
- Lecture slides and additional material (Schneier:S&L ch. 15)
- Internet X.509 Public Key Infrastructure: Roadmap (work in progress)
- RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
- SPKI Certificate Theory
- What is a digital signature and what is it used for? (2 p)
How is one way hash function used when making a digital signature, and why? (2 p)
- Most systems that use public key cryptography (like PGP for example) are so called hybrid systems, i.e. they use both symmetric and asymmetric cryptography. When PGP encrypts a message, which part is encrypted using symmetric cryptography and which part using public key cryptography? (3 p)
- Consider the claim "PKI generates trust among people". Do you agree or not? Justify your choice.(3 p)
- Is trust transitive? (For example, if Alice and Bob trust each other, and Bob and Carol trust each other, does this mean that Alice and Carol should trust each other?) Justify your choice. (3 p)
- What is X.509? What are the most important differences between X.509 certificate versions? (3 p)
- SPKI was a IETF working group that designed a PKI-model especially for Internet use. What is the biggest difference between SPKI certificates and X.509 certificates? (2 p)
PKI structure and functions
- In Figure 1 in RFC 2459 there is a picture of PKIX-architecture. Give an example scenario (existing or imaginary) of a PKI system which has the entities mentioned in the picture, and explain which entities correspond to each part in the picture. (6 p)
- Compare PGP and X.509 based PKIs. Choose 5 important things and tell how they work in PGP and in a typical X.509 based system. (For example: need of third parties, key creation, scalability...) (5 p)
- What advantage and what disadvantage (offline) CRL has compared to online checking? (Mention one advantage and one disadvantage.) (2 p)
What is a delta-CRL? (1 p)
- "Digital certificates provide no actual security for electronic commerce; it's a complete sham." claims Bruce Schneier while headlines such as "Public Key Infrastructure Adds Security To E-Business" are seen in the media. Argue for either of these claims. (3 p)
Feedback (max. 2 p bonus)
How long did it take to do this assignment? Was the assignment too easy or too difficult? How could the assignment be made better?
The answers should be written to a text file (not e.g. a MS Word document). In the beginning of your answer file you should write your name and your student number. The answer file is signed and then returned by e-mail. You can also encrypt the file with the course public key if you want to.
One way to sign the answer file is clearsigning, which does not compress the text. The can be done in following way:
gpg --clearsign -u 'my_username' ans_1.txt
where ans_1.txt is the answer file. (If you want, you can alternatively use the normal signing, i.e. the option -s instead of --clearsign)
The signed file is then sent to the address firstname.lastname@example.org with the subject ASSIGNMENT 1
This can be done e.g. from the command line like this:
mailx -s "ASSIGNMENT 1" email@example.com < ans_1.txt.asc
(Note that in the command above, the quotes are not part of the subject but they tell the shell that the subject consists of several words.)
NB: There is no automatic comfirmation for returns. Save your answer files, at least until you get results, preferably 'til the end of the course.
This page is made by assistants of the course. Newsgroup of the course: opinnot.tik.verkkoturva
Last updated 11.10.2002.