When reviewing a digital certificate verification process, which of the following findings represents
the MOST significant risk?
There is no registration authority (RA) for reporting key compromises.
The certificate revocation list (CRL) is not current.
Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
Subscribers report key compromises to the certificate authority (CA).
If the certificate revocation list (CRL) is not current, there could be a digital certificate that is not
revoked that could be used for unauthorized or fraudulent activities. The certificate authority (CA)
can assume the responsibility if there is no registration authority (RA). Digital certificates containing
a public key that is used to encrypt messages and verifying digital signatures is not a risk.
Subscribers reporting key compromises to the CA is not a risk since reporting this to the CA enables
the CA to take appropriate action.