Editing Public key infrastructure (section)

== Capabilities ==

PKI provides "trust services" - in plain terms trusting the actions or outputs of entities, be they people or computers. Trust service objectives respect one or more of the following capabilities: Confidentiality, Integrity and Authenticity (CIA).

'''Confidentiality:''' Assurance that no entity can maliciously or unwittingly view a payload in clear text. Data is encrypted to make it secret, such that even if it was read, it appears as gibberish.  Perhaps the most common use of PKI for confidentiality purposes is in the context of Transport Layer Security ([[Transport Layer Security|TLS]]).  TLS is a capability underpinning the security of data in transit, i.e. during transmission. A classic example of TLS for confidentiality is when using a web browser to log on to a service hosted on an internet based web site by entering a password.

'''Integrity:''' Assurance that if an entity changed (tampered) with transmitted data in the slightest way, it would be obvious it happened as its integrity would have been compromised.  Often it is not of utmost importance to prevent the integrity being compromised (tamper proof), however, it is of utmost importance that if integrity is compromised there is clear evidence of it having done so (tamper evident).

'''Authenticity:''' Assurance that every entity has certainty of what it is connecting to, or can evidence its legitimacy when connecting to a protected service.  The former is termed server-side authentication - typically used when authenticating to a web server using a password.  The latter is termed client-side authentication - sometimes used when authenticating using a smart card (hosting a digital certificate and private key).