The main assumption
here is that everybody involved in the system trusts the CA,
meaning that they will consider the opinion of CA to be ?¬?nal.
Let??™s get back to our Alice and Bob example. Alice wants to
send a secure message to Bob, but she never had any previous
interaction with him. She does not even know what he looks
like. On the other hand she knows that a friend of hers, Trent, is
also Bob??™s friend. Alice then asks Trent for Bob??™s key. Trent gives
PKI provides a way
of associating a key
to someone or
something
The CA is the root
source of all keys
and certi?¬?cates in
a PKI
The Babel of Cryptography 45
it to her, and she is ?¬?nally able to send a secure message to Bob.
How do we transfer this notion to the digital world? The most
widespread solution involves the use of digital certi?¬?cates.
A digital certi?¬?cate is a fragment of data signed by the CA. the
CA??™s public key is assumed to be available to everybody, so that
in all cases it is possible to verify that the digital signature is
valid and the content of the certi?¬?cate is truly endorsed by the
CA. The certi?¬?cate itself contains a number of things, but for our
ends it will suf?¬?ce to say that it is a container for the bits of a
public key and the name of the individual or organization to
which the certi?¬?cate has been awarded.
Pages:
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99