An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?
A. Integrity
B. Availability
C. Confidentiality
D. Remediation
3 Comments on “which of the following concepts?”
Borissays:
I think that if the sender cannot be verified, the issue is Confidentiality because we are not confident that the site is what it says it is. Data Integrity is not an issue here.
0
0
Tonysays:
confidentiality refers to keeping the data secret (confidential). Typically, this is done using encryption.
integrity refers to the data being trustworthy, ensuring that it hasn’t been altered or is not spurious. Typically this is done with hashes and/or asymmetric encryption. The most common is to create a hash of the message, then encrypt this hash with your private key. This is commonly called a digital signature.
0
0
PeterPansays:
I think its Integrity, (you cannot trust what it said in the message.) The message could have come from someone else, or been altered.
Assume the email did come from someone else, then they wrote the email, and confidentiality is not your issue, since its not your data.
Now, if the email got altered along the way (thus invalidating the signature), then you can also assume a 3rd party is reading and altering your emails, thus you could assume Integrity and Confidentiality are concerns.
I think that if the sender cannot be verified, the issue is Confidentiality because we are not confident that the site is what it says it is. Data Integrity is not an issue here.
0
0
confidentiality refers to keeping the data secret (confidential). Typically, this is done using encryption.
integrity refers to the data being trustworthy, ensuring that it hasn’t been altered or is not spurious. Typically this is done with hashes and/or asymmetric encryption. The most common is to create a hash of the message, then encrypt this hash with your private key. This is commonly called a digital signature.
0
0
I think its Integrity, (you cannot trust what it said in the message.) The message could have come from someone else, or been altered.
Assume the email did come from someone else, then they wrote the email, and confidentiality is not your issue, since its not your data.
Now, if the email got altered along the way (thus invalidating the signature), then you can also assume a 3rd party is reading and altering your emails, thus you could assume Integrity and Confidentiality are concerns.
0
0