In the last tutorial, we saw an
example of a "man-in-the-middle" attack -- Trudy
convinces Bob that her (Trudy's) public key is that of Alice, and
Bob is none the wiser. Public key systems are vulnerable to
a variety of such attacks whenever the validity of a public key
cannot be positively verified.
This problem can be solved by the use of a Certificate
Authority, or CA. A CA is a
trusted intermediary who
certifies a public key as follows:
1. The CA first verifies the identity of the person or
organisation seeking to have their public key certified. How this
happens is up to the CA itself -- we simply have to
trust that their methods are sufficient.
2. The verified applicant's public key is incorporated into an
X.509 certificate. The certificate contains, in
addition to the public key, the "distinguished name" of the
applicant (sufficient to uniquely identify them), plus some other
fields. The certificate is digitally signed with the
trusted CA's private key.
The CA's public key can subsequently be used by
anyone to verify the validity (and truth) of the certificate, and
thus the holder's public key. For this to work, the CA's
public key must be widely disseminated in such a way that
everyone knows it and trusts that it is, indeed, the
public key of the CA that it purports to be. It should be so
well-known and widely available as to become "common knowledge" --
any attempt to fraudulently represent another key as being that of
the CA should be easily detectable.
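The two steps above, and Bob's check against them, as an added example in Go that is not part of this tutorial: it uses only the standard library's crypto/x509 package, with Ed25519 keys, a toy CA whose certificate stands in for the "common knowledge" CA public key, and serial numbers taken from the clock rather than a real CA's issuance records. The names newTemplate, issue, newCA, certify and holderKeyIs are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newTemplate carries the fields every certificate here has: a serial (toy: clock-derived,
// a real CA issues unique serials), the holder's distinguished name and a validity window.
func newTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
}
// issue signs tmpl for the holder's public key pub with the signer's private key, under parent.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// newCA makes the trusted intermediary: a self-signed CA certificate everyone is assumed to know.
func newCA(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := newTemplate(name)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign // a CA key signs certificates, nothing else
	cert, err := issue(tmpl, tmpl, pub, priv)
	return cert, priv, err
}
// certify is step 2: after the out-of-band identity check, bind name to key under the CA's signature.
func certify(ca *x509.Certificate, caKey ed25519.PrivateKey, cn string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	return issue(newTemplate(cn), ca, pub, caKey)
}
// holderKeyIs plays Bob: accept the presented key only if the certificate chains to the CA
// Bob trusts, names the expected holder, and contains exactly that key.
func holderKeyIs(trustedCA, cert *x509.Certificate, name string, presented ed25519.PublicKey) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return false // bad signature, outside validity, or signed by a CA Bob does not trust
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && cert.Subject.CommonName == name && pub.Equal(presented)
}
```

Bob rejects Trudy's key whether she pairs it with Alice's genuine certificate, with a certificate she signed under her own bogus CA, or with her own genuine certificate under a different name.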