The OpenCA Book: A guide to OpenCA, the Open Certification Authority

Chapter 2. Description of a Certification Authority

Using the certificate, Alice can claim to whoever asks that her public key is trustworthy. Bob, who wants to communicate with her, will ask her for her Certificate. To verify her Certificate, Bob needs to obtain the public key of the Certification Authority that signed Alice's public key, and he needs to obtain it securely. If they both use the same Certification Authority, then he already has it. If not, he asks his Certification Authority to contact the other Certification Authority for the public key. For each Certification Authority that Bob's Certification Authority asks, it needs to have the public key of the previous one, so that the communication is secure. If a chain can be found that leads to the other Certification Authority, then communication can be established.
Note: The issue of inter-CA trust is very important, since one bad CA can undermine the security of the whole infrastructure. This issue will not be covered here (at least in this version).
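
The chain lookup described in this section can be reproduced with the `openssl` command-line tool. This is an added example, not taken from the OpenCA book or the OpenCA code; the names CA-A, CA-B and alice, the file names, and the use of a single cross-certificate (CA-B signing CA-A's public key) as the link between the two authorities are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. CA-A, CA-B, alice and all file names are constructed for this demo.
set -e

build_pki() {   # $1 = working directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  # Two independent Certification Authorities, each with a self-signed certificate.
  for ca in A B; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" \
      -extensions v3_ca -subj "/CN=CA-$ca" \
      -keyout "$d/ca$ca.key" -out "$d/ca$ca.pem" 2>/dev/null
  done
  # Alice's key pair, certified by CA-A.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=alice" \
    -keyout "$d/alice.key" -out "$d/alice.csr" 2>/dev/null
  openssl x509 -req -in "$d/alice.csr" -CA "$d/caA.pem" -CAkey "$d/caA.key" \
    -set_serial 1 -days 30 -extfile "$d/pki.cnf" -extensions leaf \
    -out "$d/alice.pem" 2>/dev/null
  # Cross-certificate: CA-B signs CA-A's public key, linking the two authorities.
  openssl req -new -key "$d/caA.key" -config "$d/pki.cnf" -subj "/CN=CA-A" \
    -out "$d/caA.csr" 2>/dev/null
  openssl x509 -req -in "$d/caA.csr" -CA "$d/caB.pem" -CAkey "$d/caB.key" \
    -set_serial 2 -days 30 -extfile "$d/pki.cnf" -extensions v3_ca \
    -out "$d/caA-by-B.pem" 2>/dev/null
}

# Bob trusts only CA-B. $1 = directory, $2 (optional) = intermediate certificates
# he was handed; they are untrusted input and only count if they chain to CA-B.
bob_verifies() {
  openssl verify -CAfile "$1/caB.pem" ${2:+-untrusted "$2"} "$1/alice.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_pki "$demo"
bob_verifies "$demo" && echo "no chain: accepted" || echo "no chain: rejected"
bob_verifies "$demo" "$demo/caA-by-B.pem" && echo "cross-certified: accepted" || echo "cross-certified: rejected"
```

Handing Bob CA-A's self-signed certificate instead of the cross-certificate does not help, because nothing Bob already trusts vouches for it; that is the "securely" requirement in the text.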