PrepAway - Latest Free Exam Questions & Answers

Which of the following is a requirement when implementing PKI if data loss is unacceptable?


A. Web of trust

B. Non-repudiation

C. Key escrow

D. Certificate revocation list

Explanation:
Key escrow is a database of stored keys that later can be retrieved.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of
key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as
it relates to home mortgages) and made available if that third party requests them. The third party in
question is generally the government, but it could also be an employer if an employee’s private messages
have been called into question.
Incorrect Answers:
A: Web of trust is not used within the PKI domain. It is an alternative approach.
A web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the
authenticity of the binding between a public key and its owner. Its decentralized trust model is an
alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a
certificate authority (or a hierarchy of such).
B: Nonrepudiation is a means of ensuring that transferred data is valid. Nonrepudiation is not used to
store data.
D: A certificate revocation list is just a database of revoked keys and certificates, and does not store any other
information.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 279-289, 285

