The clients of a CA are server supervisors who call for a certificate that their servers will bestow to users. A malicious or compromised client can skip any security check and still fool its users into believing otherwise. This makes sense, as many users need to trust their client software. Usually, client software-for example, browsers-include a set of trusted CA certificates. The client uses the CA certificate to authenticate the CA signature on the server certificate, as part of the authorizations before launching a secure connection. Such a scenario is commonly referred to as a man-in-the-middle attack. A certificate is essential in order to circumvent a malicious party which happens to be on the route to a target server which acts as if it were the target. Trusted certificates can be used to create secure connections to a server via the Internet. Another common use is in issuing identity cards by national governments for use in electronically signing documents. One particularly common use for certificate authorities is to sign certificates used in HTTPS, the secure browsing protocol for the World Wide Web. The format of these certificates is specified by the X.509 or EMV standard. A CA acts as a trusted third party-trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A digital certificate certifies the ownership of a public key by the named subject of the certificate. In cryptography, a certificate authority or certification authority ( CA) is an entity that stores, signs, and issues digital certificates.
0 kommentar(er)
