{"id":5614,"date":"2015-05-06T17:21:57","date_gmt":"2015-05-06T16:21:57","guid":{"rendered":"http:\/\/www.markwilson.co.uk\/blog\/?p=5614"},"modified":"2015-05-06T17:21:57","modified_gmt":"2015-05-06T16:21:57","slug":"public-key-infrastructure-explained","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2015\/05\/public-key-infrastructure-explained.htm","title":{"rendered":"Public key infrastructure explained"},"content":{"rendered":"<p>Last week, I was attending a presentation skills course where we had to give an impromptu presentation (well, we had an hour to prepare) on a topic of our choice. \u00a0One of my colleagues, Richard Butler, gave his talk on public key infrastructure (PKI) and Richard was the first person who\u00a0has explained PKI to me in a way that made me go &#8220;ah! got it!&#8221; because he used a great analogy.<\/p>\n<p>So, I&#8217;m going to attempt to repeat it here (with Richard&#8217;s permission)&#8230; and hopefully I&#8217;ll get it right!<\/p>\n<p>Richard&#8217;s first point was that PKI is thought of as a security tool, some technology, or something that&#8217;s needed to make the network secure. Actually, he suggests, there&#8217;s more to it than that&#8230;<\/p>\n<p>The first example Richard gives is one of\u00a0a server certificate (used to ensure that a service can be trusted and that confidentiality is maintained),\u00a0illustrated by way of border control.<\/p>\n<p>An airline\u00a0passenger\u00a0approaches a border (e.g. 
an immigration desk at the airport):<\/p>\n<ol>\n<li>The border\u00a0is where the passenger\u00a0expects it to be.<\/li>\n<li>A border guard wears a uniform, with an insignia (badge).<\/li>\n<li>The passenger\u00a0recognises the insignia and trusts it as genuine.<\/li>\n<li>The passenger interacts with the border guard to negotiate entry to the country.<\/li>\n<\/ol>\n<p>A server certificate is similar because it&#8217;s presented to\u00a0prove that the server is who they say they are and is trusted by users\u00a0accessing its services. The certificate is issued by a certificate authority, just as the border guard&#8217;s badge\u00a0is issued by a government agency.<\/p>\n<p>In Richard&#8217;s second example, a certificate is used to provide confidence that you are who you say you are, a process known as integrity or repudiation.<\/p>\n<ol>\n<li>As a citizen of a country, I request a passport from my\u00a0government.<\/li>\n<li>The\u00a0government validates my request.<\/li>\n<li>If my request is valid, a passport is issued.<\/li>\n<li>When visiting a foreign country, I present my passport at the border.<\/li>\n<li>The government of the foreign country trusts the government that issued the passport to have carried out the necessary background checks that confirm I am who I say I am.<\/li>\n<li>I&#8217;m authorised\u00a0to enter the country.<\/li>\n<\/ol>\n<p>In this case:<\/p>\n<ul>\n<li>The issuing government&#8217;s passport authority\u00a0can be thought of as a certificate authority (CA) or issuing authority (IA)\u00a0&#8211; it&#8217;s\u00a0trusted by other countries to authorise passports.<\/li>\n<li>The passport can be thought of as a validated &#8220;client&#8221; certificate \u2013 it is trusted, because the passport authority\u00a0is\u00a0trusted (i.e. 
there is a chain of trust).<\/li>\n<li>The government in the foreign country can also be thought of as a certificate authority \u2013 it is trusted and authorises the immigration control.<\/li>\n<li>As described in the first example, the border\u00a0guard&#8217;s\u00a0insignia can be thought of as a &#8220;server&#8221; certificate \u2013 it is trusted as the foreign country is trusted to issue certificates.<\/li>\n<li>Humans apply logic to the approach and automatically make the appropriate assumptions and associations.<\/li>\n<\/ul>\n<p>In a public key infrastructure, there&#8217;s a hierarchy of certificate authorities:<\/p>\n<ul>\n<li>The offline root CA signs requests for subordinate servers and holds the private key for the certificate root.<\/li>\n<li>A networked, subordinate CA signs requests for clients, and holds\u00a0its own private key.<\/li>\n<li>A certificate distribution point stores the public keys for the root CA and the subordinate CA (used to validate requests). It also holds information about certificate revocation (to use the passport\u00a0analogy, this might be where a citizen has been denied the right to travel, for example due to a pending prosecution).<\/li>\n<\/ul>\n<p>Using this PKI infrastructure a number of\u00a0interactions take place:<\/p>\n<ol>\n<li>A device creates a signing request and sends it to\u00a0a certificate\u00a0authority.<\/li>\n<li>The CA receives the signing request, validates the request, and\u00a0issues a certificate signed with its private key.<\/li>\n<li>The original device receives the signed certificate and stores it for future use as\u00a0a client\/server certificate.<\/li>\n<li>When a connection to a service is attempted, the connecting device receives a copy of\u00a0the\u00a0certificate and validates the name and signing CA using their public key. 
This validates the certificate chain and the certificate is proved to be valid.<\/li>\n<\/ol>\n<p>At the outset of this\u00a0description, Richard\u00a0explained that there is more to PKI than just a security tool, or\u00a0some technology services. \u00a0There&#8217;s actually a hierarchy of deployment considerations:<\/p>\n<ul>\n<li>Private key protection. Private keys are critical to the ability to sign certificates and therefore crucial to the integrity of the chain of trust.\n<ul>\n<li>A chain is only as strong as its weakest link.<\/li>\n<\/ul>\n<\/li>\n<li>Management procedures:\n<ul>\n<li>Validation of requests (stopping fraudulent certificates from being issued).<\/li>\n<li>Management of certificates (issuing,\u00a0revocation, etc.).<\/li>\n<\/ul>\n<\/li>\n<li>Deployment procedures:\n<ul>\n<li>Deploying and managing the PKI infrastructure itself.<\/li>\n<\/ul>\n<\/li>\n<li>Technology choices:\n<ul>\n<li>Whose PKI infrastructure will be used?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Drawn as a hierarchy (similar to Maslow&#8217;s hierarchy of needs), technology choices are at the top and are actually the least significant consideration. \u00a0Whilst having a secure technical solution is important, having the procedures to manage it is more so.<\/p>\n<p>Richard wrapped up his presentation\u00a0surmising that:<\/p>\n<ul>\n<li>PKI is 10% technology and 90% process.<\/li>\n<li>Deployment is 10% of the solution and management is 90%.<\/li>\n<li>PKI needs management from day one.<\/li>\n<\/ul>\n<p>If you do still want to know more about the technology (including seeing some\u00a0diagrams that might have helped to illustrate this post if I&#8217;d had the time), there&#8217;s <a href=\"http:\/\/blogs.technet.com\/b\/askds\/archive\/2009\/09\/01\/designing-and-implementing-a-pki-part-i-design-and-planning.aspx\">a Microsoft blog post series on designing and implementing PKI<\/a>, written by the Active Directory Directory Services team. 
\u00a0Other PKI solutions exist, but as\u00a0many organisations have an Active Directory, looking at the Microsoft implementation is as good a place as any to start to understand the various technologies that are involved.<\/p>\n","protected":false},"author":2,"categories":[218],"tags":[583,43],"class_list":["post-5614","post","type-post","status-publish","format-standard","hentry","category-technology","tag-pki","tag-security"],"yoast_head_json":{"title":"Public key infrastructure explained - markwilson.it","canonical":"https:\/\/www.markwilson.co.uk\/blog\/2015\/05\/public-key-infrastructure-explained.htm","og_site_name":"markwilson.it","article_published_time":"2015-05-06T16:21:57+00:00","author":"Mark Wilson"}}