Your application accepts documents from unknown third parties over an encrypted connection. The documents are accompanied by a digital signature that attests to the origin of the document.

Which aspect of the system limits the degree of confidence you can have in the origin of any
given document if the implementation of all software is flawless?
A. The strength of the signature algorithm
B. The number of bits used in the signature
C. The strength of encryption used to hide the conversation
D. The certification practices associated with the certificate

Answer: D

I thought the answer would be either A or B. But this is not true, probably authors can have better understanding of this questions and provide answer/explanation why answer D is correct.

A and B can't really be taken separately, but in this case the answer been looked for is based on the idea that while a digital signature allows you to show that a document has arrived intact from the owner of a particular private key, showing that is a very different claim from saying the owner of a particular private key (as stated by the certificate) is who you think they are. The key word is origin.

Regards,

David

Thanks for reply.

Would this mean, there is not much trust in the origin (author) who is actually encrypting the documents since the whole process has been take care of by digital signature's which are trust worthy?

Yes, a valid signature just means the private key corresponding to the public key was used to generate it. It says nothing about who it was that used the private key.

Regards,

David