
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"


Certificates are a very good means of propagating key material
while leveraging the existing trust relationship. Back to our scenario,
Alice can now acquire the certificate that Trent emitted
for Bob. Such a certificate will supply Alice with Bob's public
key and will contain an explicit reference to Bob (the subject of
the certificate). Alice trusts Trent, and checking his digital signature
enveloping the certificate is all she needs for considering
the contained key as truly belonging to Bob. Alice is able to
check Trent's signature because she owns a copy of Trent's public
key, itself encapsulated in a special kind of certificate (a root
certificate) that Trent endorses himself. This is all summarized in
Figure 1-7. This creates a problem for Eve. Without Trent's private
key for endorsing her forged certificates, she won't be able
to impersonate Bob anymore.

The most common format for certificates is known as X.509. All
the minutiae of the file layout are defined in this standard so that
implementers can build certificate-based systems regardless of
the platform. We come back to certificates often in the following
pages.
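
The check Alice performs on Bob's certificate, as an added example that is not from the book. It assumes textbook RSA without padding over fixed Mersenne primes, for illustration only; the function names and the dictionary certificate layout are hypothetical and are not X.509.

```python
import hashlib

E = 65537  # public exponent shared by every key in this toy setup

def make_key(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash the fields a certificate binds together, reduced into the signer's modulus."""
    data = f"{cert['subject']}|{cert['key']}|{cert['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_n, issuer_d):
    """The issuer signs the (subject, public key) binding with its private exponent."""
    cert = {"subject": subject, "key": subject_key, "issuer": issuer}
    cert["sig"] = pow(digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def verify(cert, roots):
    """Alice's check: return the subject's key only if a trusted root signed the binding."""
    root = roots.get(cert["issuer"])
    if root is None:
        return None
    n = root["key"]  # issuer's public key, taken from Alice's copy of the root certificate
    return cert["key"] if pow(cert["sig"], E, n) == digest(cert, n) else None

# Constructed keys: known Mersenne primes stand in for real key generation.
trent_n, trent_d = make_key(2**127 - 1, 2**107 - 1)
bob_n, _ = make_key(2**89 - 1, 2**61 - 1)
eve_n, eve_d = make_key(2**607 - 1, 2**521 - 1)

# Root certificate: Trent endorses his own key; Alice holds a copy.
roots = {"Trent": issue("Trent", trent_n, "Trent", trent_n, trent_d)}

bob_cert = issue("Bob", bob_n, "Trent", trent_n, trent_d)
forged = issue("Bob", eve_n, "Trent", eve_n, eve_d)  # Eve names Trent but signs with her own key
swapped = dict(bob_cert, key=eve_n)                  # Eve swaps the key, keeps Trent's signature

if __name__ == "__main__":
    for name, cert in [("bob_cert", bob_cert), ("forged", forged), ("swapped", swapped)]:
        print(name, "accepted" if verify(cert, roots) else "rejected")
```

Both of Eve's certificates are rejected for the reason the text gives: neither carries a signature that Trent's public key validates over the binding of "Bob" to Eve's key.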
A digital certificate associates an entity with its public key
Certificates leverage the trust relationships between parties
The X.

