Week 9 & 10: Digital Certificates

Question 1

How is Man in Middle attack prevented with Diffie-Hellman?

Answer 1

Bob sends signature and certificate along with g^b.

Question 2

What is the point of a digital signature?

Answer 2

Verifies authenticity of message with public key

Question 3

What is the difference between a digital signature and a MAC tag?

Answer 3

MAC tag is generated using a symmetric key, so it can be regenerated if key is known.

A digital signature is generated using a private key and can be verified with another public key.

Question 4

What is the point of the digital certificate?

Answer 4

Verifies the identity of the sender by using a third party.

Question 5

What does a digital certificate validate specifically?

Answer 5

• domain validation
• organization validation
• extended validation

Question 6

When can a certificate be revoked?

Answer 6

• If expired
• If company is hacked
• If CA is hacked
• If business name is changed
• If company goes out of business

Question 7

What are the methods to check if certificate is revoked?

Answer 7

1. Download CRL (Certificate Revocation List) and go through it manually
2. OCSP - Real time look up by contacting CA and asking it
3. OCSP Stapling - Receive latest time stamped OCSP from server