Which of the following components MUST be trusted by all parties in PKI?

A.
Key escrow

B.
CA

C.
Private key

D.
Recovery key

Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing
certificates. In a simple trust model all parties must trust the CA.
In a more complicated trust model all parties must trust the Root CA.
Incorrect Answers:
A: Key escrow is nothing that needs to be trusted.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of
key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as
it relates to home mortgages) and made available if that third party requests them. The third party in
question is generally the government, but it could also be an employer if an employee’s private messages
have been called into question.
C: A private or secret key is an encryption/decryption key known only to the party or parties that
exchange secret messages.
D: A recovery key has no specific function within a PKI.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 278-290