Trusted third parties and public-key certificates
A trusted third party has been used in §1.8.3 and again here in §1.11. The trust placed on this entity varies with the way it is used, and hence motivates the following classification.
- 1.65 Definition A TTP is said to be unconditionally trusted if it is trusted on all matters. For example, it may have access to the secret and private keys of users, as well as be charged with the association of public keys to identifiers.
- 1.66 Definition A TTP is said to be functionally trusted if the entity is assumed to be honest and fair but it does not have access to the secret or private keys of users.
§1.11.1 provides a scenario which employs an unconditionally trusted TTP. §1.11.2 uses a functionally trusted TTP to maintain the integrity of the public file. A functionally trusted TTP could be used to register or certify users and contents of documents or, as in §1.8.3, as a judge.
The distribution of public keys is generally easier than that of symmetric keys, since secrecy is not required. However, the integrity (authenticity) of public keys is critical (recall §1.8.2).
A public-key certificate consists of a data part and a signature part. The data part consists of the name of an entity, the public key corresponding to that entity, possibly additional relevant information (e.g., the entity’s street or network address, a validity period for the public key, and various other attributes). The signature part consists of the signature of a TTP over the data part.
hi order for an entity В to verify the authenticity of the public key of an entity A, В must have an authentic copy of the public signature verification function of the TTP. For simplicity, assume that the authenticity of this verification function is provided to В by non- cryptographic means, for example by В obtaining it from the TTP in person. В can then carry out the following steps:
- 1. Acquire the public-key certificate of A over some unsecured channel, either from a central database of certificates, from A directly, or otherwise.
- 2. Use the TTP’s verification function to verify the TTP’s signature on A’s certificate.
- 3. If this signature verifies correctly, accept the public key in the certificate as A’s authentic public key; otherwise, assume the public key is invalid.
Before creating a public-key certificate for A, the TTP must take appropriate measures to verify the identity of A and the fact that the public key to be certificated actually belongs to A. One method is to require that A appear before the TTP with a conventional passport as proof of identity, and obtain A’s public key from A in person along with evidence that A knows the corresponding private key. Once the TTP creates a certificate for a party, the trust that all other entities have in the authenticity of the TTP’s public key can be used transitively to gain trust in the authenticity of that party’s public key, through acquisition and verification of the certificate.