What is a certificate authority?


Certificate authorities (CAs) are trusted parties that provide digital certificates to the parties in a secure communication.  The Secure Sockets Layer (SSL) protocol requires the use of certificate authorities, which ensure the authenticity of the communicating parties and provide them with encryption keys for secure communication.  Currently there are only a few CAs, and the most commonly used is Verisign.


There are three strategies for procuring services of CAs:



CAs have hierarchical infrastructure:


Some of the shortcomings of CAs are:


The consumer generates his key pair and sends the public key to the CA along with some required credentials.  The CA checks the identity of the applicant and ensures that the request has actually come from the applicant and that the applicant's public key has not been modified in transit, either accidentally or maliciously.  The certificate that is issued certifies the binding between the applicant and his public key.  It also includes either the hierarchy of certificates that verify the CA's public key or the CA's public key itself.  By presenting this hierarchy of certificates along with his public key to the merchant, the consumer demonstrates the legitimacy of that public key.
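The issuance and presentation steps described above can be traced in a short added example, which is not part of the original page: the applicant signs the request with his own private key, the CA rejects any request whose key no longer matches that signature, and the merchant walks the hierarchy up to a root it already trusts. Assumptions: textbook RSA over fixed Mersenne primes stands in for real key generation and padding (insecure, for illustration only), the party names are constructed, and the CA's out-of-band identity check is not modelled.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key below

def keypair(k1, k2):
    """Textbook RSA key from Mersenne primes 2**k - 1; returns (public n, private d)."""
    p, q = 2**k1 - 1, 2**k2 - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(obj, n, d):
    return pow(digest(obj, n), d, n)

def verify(obj, sig, n):
    return pow(sig, E, n) == digest(obj, n)

def make_request(subject, n, d):
    """Applicant: name and public key, signed with the matching private key."""
    body = {"subject": subject, "key": n}
    return {"body": body, "sig": sign(body, n, d)}

def issue(request, issuer, issuer_n, issuer_d):
    """CA: reject a request whose key was altered in transit, then bind name to key."""
    body = request["body"]
    if not verify(body, request["sig"], body["key"]):
        raise ValueError("request not signed by the key it carries")
    tbs = {"subject": body["subject"], "key": body["key"], "issuer": issuer}
    return {"tbs": tbs, "sig": sign(tbs, issuer_n, issuer_d)}

def validate(chain, trusted_roots):
    """Merchant: check each link, leaf first; the top issuer must be a trusted root."""
    for cert, parent in zip(chain, chain[1:] + [None]):
        issuer = cert["tbs"]["issuer"]
        if parent is not None and parent["tbs"]["subject"] != issuer:
            raise ValueError("chain is out of order")
        key = parent["tbs"]["key"] if parent else trusted_roots.get(issuer)
        if key is None or not verify(cert["tbs"], cert["sig"], key):
            raise ValueError(f"no valid signature from {issuer}")
    return chain[0]["tbs"]["key"]  # the consumer key the chain vouches for

# Constructed parties and keys (names and primes are illustrative assumptions).
ROOT, CA, USER = keypair(521, 607), keypair(107, 127), keypair(61, 89)

def demo_chain():
    ca_cert = issue(make_request("Issuing CA", *CA), "Root CA", *ROOT)
    user_cert = issue(make_request("consumer", *USER), "Issuing CA", *CA)
    return [user_cert, ca_cert]
```

Calling `validate(demo_chain(), {"Root CA": ROOT[0]})` returns the consumer's public key; the same chain is rejected when the merchant's trusted-root table does not contain the top issuer.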


Which certificate authorities does your IE browser trust?  Can you remove one from the list of trusted ones?  What are the implications if you do remove them?





Cross certification is used frequently and is important as an enabler of commercial transactions.  What is cross certification? How does it help?





As students, do you see a part for the university to potentially play as CA to issue you with digital certificates? Discuss.