Infrastruktur for tillitshåndtering i Windows

A PKI is viewed by many as a solution that satisfies the security requirements that need to be met by today’s computer systems. The main task of a PKI system is to facilitate the establishment of trust between PKI users and other units or users, by verifying public keys stored in digital certificates. A PKI can, e.g., be used as a platform for e-commerce, since it provides support for signing and encrypting of files, email and other data. Microsoft has implemented a PKI system in their operating systems Windows 2000 and Windows XP. This document describes the general PKI concept, the PKI functionality offered by Windows 2000 and how well these functions are implemented. Windows 2000 PKI goes a long way towards fulfilling the requirements one expects a PKI system to meet, but some aspects, such as checking of revocation lists, are not satisfactorily implemented.