The previous section emphasized the need for public keys to be distributed in a trustworthy
manner. Simply sending the key electronically should not be considered safe, since the
message might be tampered with on the way: an attacker who can replace the key in transit with
their own can then read or forge everything that is later encrypted to, or checked against,
that key. This is nevertheless done in many cases. Having one person physically hand another a
memory stick containing the key would probably be acceptable, but is usually impractical. The
solution used on the Internet is a trusted third party called a Certificate Authority (CA).
A CA is an organization which specializes in issuing public key certificates. It issues a
certificate to a party (the subject) only after the subject has provided sufficient evidence
of its identity; how much evidence is required depends on the kind of certificate, and for an
ordinary web server it is often no more than proof of control over the domain name. There are
relatively few CAs in the world (a browser's trust store holds on the order of a hundred or
two root certificates) and, since their viability relies on their trustworthiness, they can
usually be relied on to do a good job of validating their subjects. The flip side is that a
mistake or compromise at any one CA in the trust store affects every party that trusts it,
which is why the root stores are curated and CAs are audited rather than simply believed.
Each CA has its own private-public key-pair and its own certificate (called a root
certificate). A root certificate is self-signed: nothing vouches for it except the fact that
the software carrying it was obtained from a trusted source. Since there are relatively few
CAs and since root keys are long-lived, it is feasible for software to be distributed with a
list of the root certificates it trusts (its trust store). For example, Microsoft's and
Netscape's browsers are both distributed with files containing lists of root certificates,
and the root stores maintained by operating system and browser vendors today play the same
role.
A certificate issued to a subject by a CA contains:
A subject's certificate may be validated in the following way:
Once this has been done, the relying party can trust that the public key in the certificate
is indeed the public key of the subject named in it, and that it is the subject they expected
to communicate with. This public key may henceforth be used to establish secure
communications with the subject in the manner described in Section 12.
Note that although the CA has signed a certificate containing the public key of the subject,
the CA does not have the subject's private key. To issue a certificate, the CA only requires
access to the public key. It obtains this from the subject applying for a certificate, in the
form of a certificate signing request (CSR) containing the public key and the subject's name,
which the subject signs with its own private key to prove that it possesses the matching
private key. It is therefore up to the subject to generate the private-public key-pair before
applying to a CA for a certificate, and the private key need never leave the subject's
control. A CA that asks for the private key, or that generates the key-pair on the subject's
behalf and delivers it, is in a position to impersonate the subject and defeats the purpose of
the scheme.
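The issuance and validation flow described above, worked through with the openssl command-line tool as an added example (this script is not from the original text). It assumes openssl 1.1.1 or later on PATH; the file names and the names "Example Root CA", "www.example.test" and "Rogue CA" are illustrative. It also goes one step beyond the text by showing the negative case: a certificate for the right name issued by a CA that is not in the relying party's trust store, which must be rejected even though its signature is valid.

```shell
#!/bin/sh
# Added example (not from the original text): the CA issuance and validation flow
# with the openssl command-line tool. Assumes openssl 1.1.1 or later on PATH.
# All file names and the names "Example Root CA", "www.example.test" and
# "Rogue CA" are illustrative.

WORK="${WORK:-$(mktemp -d)}"

# A self-contained req config so the example does not depend on the system openssl.cnf.
write_config() {
  cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
CN = placeholder

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ v3_leaf ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
}

# 1. A CA generates its own key pair and a self-signed root certificate. This root is
#    what relying parties must obtain out of band (e.g. shipped with their software).
make_ca() {
  name="$1"; cn="$2"
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$name.key" &&
  openssl req -new -x509 -key "$WORK/$name.key" -config "$WORK/openssl.cnf" \
    -extensions v3_ca -subj "/CN=$cn" -days 3650 -out "$WORK/$name.crt"
}

# 2. The subject generates its own key pair and a certificate signing request (CSR).
#    The CSR carries the public key and name and is signed with the subject's private
#    key to prove possession; the private key itself never leaves the subject.
make_subject_csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/subject.key" &&
  openssl req -new -key "$WORK/subject.key" -config "$WORK/openssl.cnf" \
    -subj "/CN=www.example.test" -out "$WORK/subject.csr" &&
  openssl req -in "$WORK/subject.csr" -noout -verify >/dev/null 2>&1
}

# 3. The CA (after checking the applicant's identity) signs the request. Its only input
#    from the subject is the CSR: subject.key is neither needed nor read.
issue_certificate() {
  ca="$1"; out="$2"
  openssl x509 -req -in "$WORK/subject.csr" -CA "$WORK/$ca.crt" -CAkey "$WORK/$ca.key" \
    -CAcreateserial -days 90 -extfile "$WORK/openssl.cnf" -extensions v3_leaf \
    -out "$WORK/$out" 2>/dev/null
}

# 4. The relying party validates a certificate: it must chain to a root in the trust
#    store (here the store is just ca.crt), be within its validity period (both checked
#    by openssl verify), and name exactly the subject the party expected to talk to.
verify_certificate() {
  cert="$1"; expected_cn="$2"
  openssl verify -CAfile "$WORK/ca.crt" "$cert" >/dev/null 2>&1 || return 1
  actual=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  [ "$actual" = "CN=$expected_cn" ] || return 1
  return 0
}

write_config && make_ca ca "Example Root CA" && make_subject_csr &&
issue_certificate ca subject.crt &&
# Negative case: a second CA, NOT in the trust store, issues a certificate for the same CSR.
make_ca rogue "Rogue CA" && issue_certificate rogue rogue-subject.crt

if verify_certificate "$WORK/subject.crt" www.example.test; then
  echo "subject.crt: accepted (signed by Example Root CA, name matches)"
fi
if ! verify_certificate "$WORK/rogue-subject.crt" www.example.test; then
  echo "rogue-subject.crt: rejected (issuer not in trust store)"
fi
if ! verify_certificate "$WORK/subject.crt" www.other.test; then
  echo "subject.crt for www.other.test: rejected (name mismatch)"
fi
echo "artifacts left in $WORK"
```

The name check here compares the certificate's CN only, which is the level of detail the text works at; real web clients match the host against the subjectAlternativeName extension instead, and a complete validation also consults revocation information, which openssl verify does not do unless given a CRL or OCSP response.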