By: Christine Martz
A CA, or "Certificate Authority", is an
entity trusted by all parties involved that, for the purpose of
authentication, issues a certificate to a user or a computer
whose identity it has already verified, so that other users
and computers can rely on the authenticity of the certificate
holder's identity. Digital certificates contain information
about the holder's public key, its expiration date, and the
digital signature of the certification authority.
CAs are used by SSL and PKI,
cryptographic security systems that use a public or private key to
authenticate the identity of people and organizations for the purposes
of secure exchange of electronic messages over a public system such as the Internet.
“…Digital certificates are issued by third parties,
called certificate authorities, as a way of virtually
"notarizing" computer code. There are hundreds of
authorities, but Verisign is one of the largest. Each
authority is supposed to follow detailed procedures to
verify the identity of the programmer making a certificate
request.” [Bob Sullivan - MSNBC]
“…When you use a digital certificate, the CA vouches
for your identity. Such guaranteeing of identities and validating of
digital certificates is a lot of work for CAs. For the sake of performance
and scalability, often there is a chain of CAs to distribute the work.
A single CA is at the top of the hierarchy, which certifies the CAs
immediately below it, which certifies the next level down, and so on,
down to the lowest-level CA which certifies individual users.” [SecureComputing.com]
“…Setting up shop as a CA basically involves installing
certificate management and directory servers and complementary desktop software,
such as Web browser plug-ins. Certificate management servers generate certificates,
revoke them and perform other tasks. Certificates are stored in the directory server.” [Ellen Mesmer - Network World]
“…Certificates are signed by the Certificate Authority
that issues them. In essence, a CA is a commonly trusted third party that
is relied upon to verify the matching of public keys to identity, e-mail
name, or other such information. The benefits of certificates and CAs
occur when two entities both trust the same CA. This allows them to learn
each other's public key by exchanging certificates signed by that CA.
Once they know each other's public key, they can use them to encrypt data
and send it to one another, or to verify the signatures on documents.
A certificate shows that a public key stored in the certificate belongs
to the subject of that certificate. A CA is responsible for verifying
the identity of a requesting entity before issuing a certificate. The
CA then signs the certificate using its private key, which is used to
verify the certificate. A CA's public keys are distributed in software
packages such as Web browsers and operating systems, or they can also be
added manually by the user.” [Microsoft Corporation]
“…The confidence you can have in a given certificate
depends on the confidence you have in the certificate authorities and
in their procedures for ensuring that subsequent certificate recipients
in the certificate chain are fully authenticated. For this reason,
it is always a good idea to examine the certificate that comes
with a digital signature, even when the signature appears to be valid.” [Apple Computer, Inc]
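
The chain of CAs and the advice to examine a certificate, as described in the quotes above, shown as an added example (not part of the original article or of any quoted source). It assumes the `openssl` command-line tool is installed; every name in it (demo-root, demo-issuing-ca, www.example.test, other-root) is made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> issuing CA -> end-entity certificate.
set -eu
PKI=$(mktemp -d); trap 'rm -rf "$PKI"' EXIT

new_key_and_csr() {   # $1 = common name; writes $1.key and $1.csr
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}

make_root() {         # $1 = CN; a top-level CA signs its own certificate
    new_key_and_csr "$1"
    printf 'basicConstraints=critical,CA:TRUE\n' > "$PKI/$1.ext"
    openssl x509 -req -in "$PKI/$1.csr" -signkey "$PKI/$1.key" \
        -extfile "$PKI/$1.ext" -days 30 -out "$PKI/$1.crt" 2>/dev/null
}

issue() {             # $1 = issuing CA, $2 = subject CN, $3 = TRUE (a CA) or FALSE
    new_key_and_csr "$2"
    printf 'basicConstraints=critical,CA:%s\n' "$3" > "$PKI/$2.ext"
    # The CA signs the subject's public key and name with the CA's private key.
    openssl x509 -req -in "$PKI/$2.csr" -CA "$PKI/$1.crt" -CAkey "$PKI/$1.key" \
        -CAcreateserial -extfile "$PKI/$2.ext" -days 7 -out "$PKI/$2.crt" 2>/dev/null
}

chain_ok() {          # $1 = trusted root, $2 = intermediate CA, $3 = certificate to check
    # Only the root is trusted; the intermediate must itself chain up to it.
    openssl verify -CAfile "$PKI/$1.crt" -untrusted "$PKI/$2.crt" \
        "$PKI/$3.crt" >/dev/null 2>&1
}

examine() {           # $1 = name; who the certificate names, who vouched, when it expires
    openssl x509 -in "$PKI/$1.crt" -noout -subject -issuer -enddate
}

make_root demo-root
issue demo-root demo-issuing-ca TRUE
issue demo-issuing-ca www.example.test FALSE
make_root other-root  # a CA the relying party could trust, but which signed nothing here

examine www.example.test
chain_ok demo-root demo-issuing-ca www.example.test && echo "chain verifies up to demo-root"
chain_ok other-root demo-issuing-ca www.example.test || echo "rejected: chain does not end at other-root"
```

The same certificate is accepted or rejected depending only on which root the verifier trusts, which is why the contents of a trust store matter as much as the signature check itself.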