ABSTRACT
Introduction As public key certi‚cates technology became an enabler for many security controls, it became more important to understand all types of risk associated with the use of this technology and its processes and components. Œis understanding is necessary to address and mitigate the risk and also to make intelligent design decisions that would a‰ord a desirable performance and availability without jeopardizing con‚dentiality, integrity, and other security requirements. As new technology trends, like cloud computing and service-oriented architecture, are maturing, the reliance on public key-based security controls, like digital signature and encryption, is increasing, as is the risk of misuse or compromise of the certi‚cates. Several recent researches and publications (KMNSK, STRV) point at a few very speci‚c vulnerabilities that can be exploited in the certi‚- cate applications.
