x164.htm

来自「The Open–source PKI Book Version 2.4.6 E」· HTM 代码 · 共 179 行

<HTML
><HEAD
><TITLE
>Certification Authority chains</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.55"><LINK
REL="HOME"
TITLE="The Open&#8211;source PKI Book"
HREF="ospki-book.htm"><LINK
REL="UP"
TITLE="Basic functionality of a Public Key Infrastructure[TODO]"
HREF="description-pki.htm"><LINK
REL="PREVIOUS"
TITLE="Signing of the certificate request by the Certification Authority"
HREF="x161.htm"><LINK
REL="NEXT"
TITLE="Typical uses of public key cryptography"
HREF="x169.htm"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Open&#8211;source PKI Book: A guide to PKIs and Open&#8211;source Implementations</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x161.htm"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Basic functionality of a Public Key Infrastructure[TODO]</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x169.htm"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN164"
>Certification Authority chains</A
></H1
><P
>	Using this certificate, Alice can claim that her public
	key is trustworthy. Bob who wants to communicate with her, asks for her Certificate.
	Bob, in order to verify her Certificate, finds
	the public key of the Certification Authority
	that signed the Alice's public key. He needs to 
	do that securely. If they are both on the same Certification Authority
	then he has it already. If not, he asks
	his Certification Authority to contact the other Certification Authority for its public key. For each Certification Authority
	Bob's Certification Authority asks, he needs the public
	key of the previous one so that the authenticity of the key is assured.
	If a chain can be found that leads to the other Certification Authority
	then communication can be established.
  <DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="stylesheet-images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>  	The issue of inter-CA trust is very important since 
	one bad CA can undermine the security of the whole infrastructure.
	This issue is not covered here (at least in this version).
  </P
></TD
></TR
></TABLE
></DIV
>
  </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x161.htm"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ospki-book.htm"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x169.htm"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Signing of the certificate request by the Certification Authority</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="description-pki.htm"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Typical uses of public key cryptography</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>