Basic Components of a Public Key Infrastructure

A public key infrastructure (PKI) provides the framework of services, technology, protocols, and standards that enable you to deploy and manage a strong and scalable information security system based on public key technology. The basic components of a public key infrastructure include digital certificates, certificate revocation lists, and certification authorities. Before public key cryptography can be widely used and easily managed on public networks, a public key infrastructure must be in place. Without a public key infrastructure, public key technology is not generally suitable for large-scale enterprise deployment.

This section describes the basic concepts and components of public key infrastructures that are based on the open standards recommended by the Public-Key Infrastructure (X.509) (PKIX) working group of the Internet Engineering Task Force (IETF). PKIX-compliant public key infrastructures can provide a high level of interoperability between public key security products from different vendors. For more information about the components and technology used in the Windows 2000 public key infrastructure, see "Windows 2000 Certificate Services and Public Key Infrastructure" in this book. For more information about the public key infrastructure recommendations of the PKIX working group, see the Internet Engineering Task Force (IETF) link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .