PrepAway - Latest Free Exam Questions & Answers

What is the purpose of certification path validation?

A.
Checks the legitimacy of the certificates in the certification path.

B.
Checks that all certificates in the certification path refer to the same certification practice statement.

C.
Checks that no revoked certificates exist outside the certification path.

D.
Checks that the names in the certification path are the same.

Explanation:
Not C. Revoked certificates are not checked outside the certification path.
“A Transaction with Digital Certificates
1.) Subscribing entity sends Digital Certificate Application to Certificate Authority.
2.) Certificate Authority issues Signed Digital Certificate to Subscribing Entity.
3.) Certificate Authority sends Certificate Transaction to Repository.
4.) Subscribing Entity Signs and sends to Party Transacting with Subscriber.
5.) Party Transacting with Subscriber queries Repository to verify Subscriber’s Public Key.
6.) Repository responds to Party Transacting with Subscriber the verification request.”
Pg. 214 Krutz: The CISSP Prep Guide: Gold Edition.
“John needs to obtain a digital certificate for himself so that he can participate in a PKI, so he
makes a request to the RA. The RA requests certain identification from John, like a copy of his
driver’s license, his phone number, address, and other identification information. Once the RA
receives the required information from John and verifies it, the RA sends his certificate request
to the CA. The CA creates a certificate with John’s public key and identity information embedded.
(The private/public key pair is either generated by the CA or on John’s machine, which depends
on the systems’ configurations. If it is created at the CA, his private key needs to be sent to him by
secure means. In most cases the user generates this pair and sends in his public key during the
registration process.) Now John is registered and can participate in PKI. John decides he wants to
communicate with Diane, so he requests Diane’s public key from a public directory. The directory,
sometimes called a repository, sends Diane’s public key, and John uses this to encrypt a session
key that will be used to encrypt their messages. John sends the encrypted session key to Diane.
John then sends his certificate, containing his public key, to Diane. When Diane receives John’s
certificate, her browser looks to see if it trusts the CA that digitally signed this certificate. Diane’s
browser trusts this CA, and she makes a request to the CA to see if this certificate is still valid. The
CA responds that the certificate is valid, so Diane decrypts the session key with her private key.
Now they can both communicate using encryption.” Pg 499 Shon Harris: All-In-One CISSP
Certification Guide.

