| • Science | • People | • Locations | • Timeline |
A CA is usually a company that, for a fee, will issue a public key certificate which states that the CA attests that the public key contained in the certificate belongs to the 'owner' noted in the certificate. A CA's obligation in such schemes is to check an applicant's identity, so that users can trust certificates issued by that CA to belong to the people identified in it along with the data in it (as most usually, a public key), and not to an imposter. Thinking of the function of a notary public would not be too far off the mark.
It is this vouching aspect of the operation of a certificate authority which can present problems. If, in the actual workings of the organization, an error is made, any user who relies on the claimed connection between the data (ie, a public key) and the person/company it applies to, may have considerable troubles.
Consider a not too fanciful example. Some one manages to get a certificate authority to issue a false certificate tying Company A to a particular public key. When Customer Foo sends confidential information about a proposed purchase (pricing, delivery, etc) to Company A (relying on the correctness of the fraudulent certificate), but the certificate (and its public key) is actually controlled by Company B (A's competitor), Company A may be in some trouble. Company B may be able to undercut its offer and gain Foo's business. Commercial chicanery is obviously not of paramount importance, except perhaps to the victim(s), but consider a parallel situation involving negotiations between governments, or between environmental regulators and pollutors, or …
In actual practice, there have been many publicly known instances of bad certificates. The problem of assuring correctness of match between data and entity when the data are presented to the CA (perhaps over an electronic network), and when an indication of the identity of the person/company asking for a certificate is likewise presented, has not been solved. Notaries are required in some cases to personally know the party whose signature is being notarized; this is a higher standard than can be reached for many CA's. A primary point of several of the statutes that have been enacted regarding digital signatures has been to protect CA companies from the liability they potentially face if the certificates they issue are found to be in error.
In large-scale deployments Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA computer), so Bob's certificate may also include his CA's public key signed by a "higher level" CA2, which is presumably recognizable by Alice. This process leads, in general, to a hierarchy of CAs and CA certificates.