Certification Authority

Adams, Carlisle

doi:10.1007/0-387-23483-7_53

Carlisle Adams

102 Accesses

A Certification Authority^{Footnote 1} (CA) in a Public-Key Infrastructure (PKI) is an authority that is trusted by some segment of a population of entities—or perhaps by the entire population—to validly perform the task of binding public key pairs to identities. The CA certifies a key pair/identity binding by digitally signing (see digital signature scheme) a data structure that contains some representation of the identity of an entity (see identification) and the entity's corresponding public key. This data structure is called a “public-key certificate” (or simply a certificate, when this terminology will not be confused with other types of certificates, such as attribute certificates).

Although the primary and definitional duty of a CA is to certify key pair/identity bindings, it may also perform some other functions, depending upon the policies and procedures of the PKI in which it operates. For example, the CA may generate key pairs for entities upon request; it may store the key...

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

1.
A CA is often called a “Certificate Authority” in the popular press and other literature, but this term is generally discouraged by PKI experts and practitioners because it is somewhat misleading: a CA is not an authority on certificates as much as it is an authority on the process and act of certification. Thus, the term “Certification Authority” is preferred.

References

Adams, C. and S. Farrell (1999). “Internet X.509 public key infrastructure: Certificate Management Protocols.” Internet Request for Comments 2510.
Google Scholar
Adams, C. and S. Lloyd (2003). Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd ed.). Addison-Wesley, Reading, MA.
Google Scholar
Housley, R. and T. Polk (2001). Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure. John Wiley & Sons, New York.
Google Scholar
ITU-T Recommendation X.509 (2000). “Information technology—open systems interconnection—the directory: public key and attribute certificate frameworks.” (equivalent to ISO/IEC 9594-8:2001).
Google Scholar
Myers, M., X. Liu, J. Schaad, and J. Weinstein (2000). “Certificate management messages over CMS.” Internet Request for Comments 2797.
Google Scholar

Download references

Authors

Carlisle Adams
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Eindhoven University of Technology, Eindhoven, The Netherlands
Henk C. A. van Tilborg

Rights and permissions

Reprints and permissions

Copyright information

About this entry

Cite this entry

Adams, C. (2005). Certification Authority. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_53

Download citation

DOI: https://doi.org/10.1007/0-387-23483-7_53
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering

Publish with us

Policies and ethics