Cryptography Reference
In-Depth Information
report the results centrally. On the other hand, the security-critical processes
associated with a CA, such as public-key pair generation and certificate signing,
are probably best done within one well-defined business unit.
Whether the CA and RA roles are incorporated as one, or kept entirely separate,
there remains an important problem to address: what credentials should be
presented to the RA during registration?
The answer to this is, of course, application dependent. It is worth noting
that many CAs issue different types of public-key certificate (sometimes referred
to as
levels
of public-key certificate) depending upon the thoroughness of the
registration process. Public-key certificates of different levels may then be used
in different types of application. These certificates might have quite different
properties. For example, the liability that the CA accepts responsibility for (with
respect to any relying parties) might vary for different levels of public-key
certificate. We now give some examples of credentials:
• A very low level of public-key certificate might simply require a valid email
address to be presented at registration. The registration process might include
checking that the applicant can receive email at that address. This level of
credential is often enough for public-key certificates that can be obtained online
at no cost.
• Registration for public-key certificates for use in a closed environment, such as
an organisation's internal business environment, might involve presentation of
an employee number and a valid internal email address.
• Commercial public-key certificates for businesses trading over the Internet
might require a check of the validity of a domain name and the confirmation
that the applicant business is legally registered as a limited company.
• Public-key certificates for incorporation into a national identity card scheme
require a registration process that unambiguously identifies a citizen. This can be
surprisingly complex to implement. Credentials might include birth certificates,
passports, domestic utility statements, etc.
PROOF OF POSSESSION
If a public key and its certificate are created using combined generation then,
strictly speaking, it is possible for an attacker to attempt to register a public key
for which they do not know the corresponding private key. Such an 'attack' on a
verification key for a digital signature scheme might work as follows:
1. The attacker obtains a copy of Alice's verification key. This is a public piece of
information, so the attacker can easily obtain this.
2. The attacker presents Alice's verification key to an RA, along with the attacker's
legitimate credentials.
3. The RA verifies the credentials and instructs the associated CA to issue a public-
key certificate in the name of the attacker for the presented verification key.
4. The CA issues the public-key certificate for the verification key to the attacker.
