This section of the book covers the most important aspect of setting-up an X.509-based environment. The infrastructure is made up of several important components that are tightly integrated and must be kept secure at all times.
In terms of damage due to security breaches, X.509 infrastructure represents a vital point. Such breaches can lead to data disclosures to attackers, collapse of access control, and insertion of invalid data, to name the few. Once the security has been compromised, the entire trust model collapses and needs to be rebuilt from bottom-up, including all the services which used to rely on the X.509 infrastructure.
Taking all this into account, it's pretty obvious that it's necessary to employ as many security precautions and mechanisms when setting it all up, especially related to the security of certification authority itself.
Throughout this section the following components of the infrastructure will be covered:
Although these components are sufficient for the functioning of X.509 environment, certain holes do exists in the Free Software ecosystem. This is particularly related to the existence of decent enrolment and registration authority applications (mostly in terms of ease-of-use).