<div>Hi,</div>
<div> </div>
<div>Question 1:</div>
<div>In my opinion to "fully" communicate - and I think the important word here is fully - you would need none of the answers but 100. Let me explain. Yes you need to generate a total of 20 keys (10 public and 10 private), but this is not enough to communicate with each other if nobody owns the public key of the others.</div>
<div>Each user keeps his private key. Total = 10 for now.</div>
<div>Then, if you have ever worked with Linux servers and SSH connections, you know that you need to copy the public key of the remote server to your local server to work correctly. And if you want to automate more, you need to copy the local public key to the remote server. So for me, this is the same, there is no central repository here, each user has to send his public key to the 9 other users. 10 users sending to 9 users = 90. Total = 10 + 90 = 100</div>
<div>Each user does not need to keep his own public key (the private key is the only one important in our case) when completed, so the 10 users can get rid of it. Total remains 100.</div>
<div> </div>
<div>Question 2:</div>
<div>I was thinking, answer D, none of the answers.</div>
<div>As Clement Dupuis said you need Asymmetric and Digital Signature to ensure the 3 options: Integrity, Authenticity, Non-Repudiation. Digital Signature is using a hashing function and since hashing is a separate answer I would have said answer D as Asymmetric crypto by itself doesn't seem enough.</div>
<div> </div>
<div>Now my question: are all the questions at the CISSP exam of this kind? meaning the answer depends of how you understand the question??</div>
<div> </div>
<div>Thanks </div>
<div>Yann<br></div>
<div class="gmail_quote">
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote"><br>Message: 1<br>Date: Wed, 20 Jan 2010 21:08:10 +0800 (CST)<br>From: "<a href="http://yaling.lu/" target="_blank">yaling.lu</a>" <<a href="http://yaling.lu/" target="_blank">yaling.lu</a>@<a href="http://163.com/" target="_blank">163.com</a>><br>
To: <a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 19<br>Message-ID:<br> <<a href="mailto:5480199.757011263992890977.JavaMail.coremail@bj163app70.163.com">5480199.757011263992890977.JavaMail.coremail@bj163app70.163.com</a>><br>
Content-Type: text/plain; charset="gbk"<br><br>Hi,all<br>I agree with Tom<br>#1, it should be 20.<br>For the 10+10*10, the public key to everyone should be same, it should be correct to 10+10=20.<br><br><br>#2,I am not clear, would some explain in detail?<br>
I think intergrity is protected by HASH, authenticicity and non-repudiation are protected by Asymmetric.<br><br>Please discuss.<br><br>2010-01-20<br><a href="http://yaling.lu/" target="_blank">yaling.lu</a><br>Sales Engineer, McAfee<br>
<br></blockquote></div>