Cryptography Reference
In-Depth Information
certificates. In the closed certification model, the more onerous issues concerning
public-key management, such as those relating to liability and revocation, are
more straightforward to solve than for the other models. This is because public-
key certificate owners and relying parties are all governed by the same certificate
management policies and practices.
CONNECTED CERTIFICATION MODEL
The connected certification model is depicted in Figure 11.4 and applies when the
relying party has a relationship with a trusted third party, which in turn has a
relationship with the owner's CA. The trusted third party that the relying party
has a relationship with could be another CA. In Figure 11.4 we describe it as a
validation authority because its role is to assist the relying party to validate the
information in the owner's public-key certificate. Strictly speaking, this validation
authority may not necessarily be a CA.
We do not further specify the nature of the relationship between the owner's
CA and the relying party's validation authority, since there are many different
ways in which this could manifest itself. For example, the CA and validation
authority could both be members of a federation of organisations who have agreed
to cooperate in the validation of public-key certificates and have signed up to
common certificate management policies and practices. The important issue is
that, because the relying party has a relationship with the validation authority, the
relying party essentially delegates the task of verifying the public-key certificate
[Figure 11.4. Connected certification model. Labels: Certificate Authority, Validation Authority, Owner, Relying party; Certificate, Digital signature, Certificate validation.]
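The delegation described above, as an added Go example that is not from the original text: the relying party holds no CA keys and asks the validation authority, which only accepts certificates issued by CAs it has a relationship with. The Certificate struct, the use of Ed25519, the map-based ValidationAuthority and all names are assumptions made for illustration, and the relying party's request is modelled as a direct function call.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Certificate is a minimal stand-in for a public-key certificate (not X.509).
type Certificate struct {
	Owner, Issuer string
	PublicKey     ed25519.PublicKey
	Signature     []byte
}

// tbs returns the bytes the CA signs: issuer name, owner name, owner's key.
func (c Certificate) tbs() []byte {
	return append([]byte(c.Issuer+"\x00"+c.Owner+"\x00"), c.PublicKey...)
}

type CA struct { // the owner's certificate authority
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewCA(name string) *CA {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &CA{Name: name, Pub: pub, priv: priv}
}
func (ca *CA) Issue(owner string, key ed25519.PublicKey) Certificate {
	c := Certificate{Owner: owner, Issuer: ca.Name, PublicKey: key}
	c.Signature = ed25519.Sign(ca.priv, c.tbs())
	return c
}

// ValidationAuthority maps each CA it has a relationship with to that CA's key.
type ValidationAuthority map[string]ed25519.PublicKey

// Validate is the check the relying party delegates instead of doing it itself.
func (va ValidationAuthority) Validate(c Certificate) bool {
	key, known := va[c.Issuer]
	return known && ed25519.Verify(key, c.tbs(), c.Signature)
}

func main() {
	ownerCA, strayCA := NewCA("Owner CA"), NewCA("Unrelated CA") // constructed names
	va := ValidationAuthority{ownerCA.Name: ownerCA.Pub}
	key, _, _ := ed25519.GenerateKey(nil) // the owner's public key
	fmt.Println(va.Validate(ownerCA.Issue("owner", key)), va.Validate(strayCA.Issue("owner", key)))
}
```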
 
 