• Certificate authority—A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message signature verification or encryption. The CA attests to the authenticity of the owner of a public key. The CA decides whether to issue a certificate based on evidence or knowledge obtained in verifying the identity of the recipient. As part of a PKI, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor’s information, the CA can then issue a certificate. Upon verifying the identity of the recipient, the CA signs the certificate with its private key for distribution to the user. Upon receipt, the user verifies the certificate signature with the CA’s public key (e.g., commercial CAs such as VeriSign™ issue certificates through web browsers). The ideal CA is authoritative (someone that the user trusts) for the name or key space it represents. A certificate always includes the owner’s public key, expiration date and the owner’s information. Types of CAs may include:
- Organizationally empowered, which have authoritative control over those individuals in their name space
- Liability empowered, for example, choosing commercially available options (such as VeriSign) in obtaining a digital certificate
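
The issue-and-verify flow described in this entry, as an added Go example that is not part of the original text: the CA signs only after the RA check passes, and the user then verifies the signature with the CA's public key and checks the expiration date. Ed25519 keys, the function names `Issue` and `Verify`, the 24-hour validity period and the sample names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Issue is the CA step: sign a certificate for name/pub only if the RA verified the requestor.
func Issue(raVerified bool, name string, pub ed25519.PublicKey, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, error) {
	if !raVerified {
		return nil, errors.New("RA could not verify the requestor; no certificate issued")
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true, IsCA: ca == nil,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if ca == nil { // no issuer supplied: build the self-signed root, which may sign certificates
		tmpl.KeyUsage, ca = x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify is the user step: check the signature with the CA's public key, then the expiration date.
func Verify(cert, ca *x509.Certificate, now time.Time) error {
	if err := cert.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("not signed by this CA: %w", err)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate is outside its validity period")
	}
	return nil
}

func main() { // constructed sample names; keys are generated fresh on every run
	caPub, caKey, _ := ed25519.GenerateKey(nil)
	userPub, _, _ := ed25519.GenerateKey(nil)
	ca, _ := Issue(true, "Example Root CA", caPub, nil, caKey)
	if cert, err := Issue(true, "alice@example.org", userPub, ca, caKey); err == nil {
		fmt.Println(cert.Subject.CommonName, "expires", cert.NotAfter, "verify error:", Verify(cert, ca, time.Now()))
	}
}
```

The same certificate is rejected when checked against a different CA's certificate or after its expiration date, which is why a relying party needs both checks.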