According to RFC 5280, CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Which of the following certificate classes is used to convey a public key for use to begin certification paths? (Wentz QOTD)
A. Certificates in which the issuer and subject are different entities.
B. Certificates in which the issuer and subject are the same entity.
C. Certificates where the digital signature may be verified by the public key bound into the certificate.
D. Certificates that are issued to subjects not authorized to issue certificates.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is __.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Reference
- What Is an X.509 Certificate?
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
根據 RFC 5280,CA 證書可以進一步分為三類:交叉證書(cross-certificates)、自頒發證書(self-issued certificates)和自簽名證書(self-signed certificates)。 以下哪個證書類別用於傳遞用於開始認證路徑的公鑰? (Wentz QOTD)
A. 發行人(issuer )和主體是不同實體的證書(certificates)。
B. 發行人和主體為同一實體的證書。
C. 數字簽名可以通過綁定到證書中的公鑰來驗證的證書。
D. 頒發給未獲授權頒發證書的主體的證書。