Production Considerations

The installation of a Public Key Infrastructure incorporating the ActivID Validation Suite requires close attention to security procedures.

As discussed previously, there are two server types involved in a full Validation Suite installation.

• The back-end Validation Authority is a trusted system that must be protected from unauthorized use. Any compromise of the Validation Authority security will require an expensive revocation and “re-keying” of Validation Authority, with a resulting disruption in service.

• The second server type, Validation Responder, does not hold sensitive secrets, but still must be protected from common network attacks which can degrade its ability to provide service to legitimate relying parties.

Topics in this section: