Certificate authority

In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.


There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are also free CAs.

Issuing a certificate

A CA issues digital certificates which contain public key and private key pairs. The CA also attests that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. This is to understand that this information may not be true.


If the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to whomever is identified in the certificate. If the CA can be subverted, then the security of the entire system is lost.


Suppose an attacker, Mallory (to use the Alice and Bob convention), manages to get a CA to issue a false certificate tying Alice to the wrong public key; the corresponding private key is known to Mallory. If Bob subsequently obtains and uses Alice's public key in this (bogus) certificate, the security of his communications to her could be compromised by Mallory, since Bob's messages could be decrypted by Mallory, or he could be tricked into accepting forged signatures from Alice.


Security

This is a problem. The problem of assuring correctness of match between data and entity when the data are presented to the CA (perhaps over an electronic network), and when the credentials of the person/company/program asking for a certificate are likewise presented, is difficult. This is why commercial CAs often use a combination of authentication techniques including leveraging government bureaus, the payment infrastructure, third parties' databases and services, and custom heuristics. In some enterprise systems, local forms of authentication such as Kerberos can be used to obtain a certificate which can in turn be used by external relying parties. Notaries are required in some cases to personally know the party whose signature is being notarized; this is a higher standard than can be reached for many CAs.

According to the American Bar Association outline on Online Transaction Management, the primary points of federal and state statutes that have been enacted regarding digital signatures in the United States have been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents." Further, the E-Sign and UETA code help ensure that:

(1) a signature, contract or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
(2) a contract relating to such transaction may not be denied legal effect, validity or enforceability solely because an electronic signature or electronic record was used in its formation.

In large-scale deployments, Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA), so Bob's certificate may also include his CA's public key signed by a different CA2, which is presumably recognizable by Alice. This process typically leads to a hierarchy or mesh of CAs and CA certificates.
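
The following is an added example, not part of the original article. It models the two situations described above: a relying party that trusts only CA2 validating Bob's certificate through his own CA (here called CA1), and the same check applied to a falsely issued certificate that ties Alice's name to Mallory's key. It assumes toy RSA keys built from small Mersenne primes and a simplified certificate record; `Cert`, `issue` and `validate` are hypothetical names, and none of this is X.509 or fit for real use.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2^a-1 and 2^b-1: (modulus n, private d)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:
    subject: str
    pubkey: int   # subject's public modulus
    issuer: str
    is_ca: bool = False
    sig: int = 0
    def tbs(self):  # the fields the issuer's signature covers
        return f"{self.subject}|{self.pubkey}|{self.issuer}|{self.is_ca}".encode()

def issue(cert, issuer_key):
    n, d = issuer_key
    cert.sig = pow(digest(cert.tbs(), n), d, n)
    return cert

def validate(chain, anchors):
    """chain is leaf-first; anchors maps trusted CA name -> public modulus.
    Returns the leaf's (subject, pubkey) once a trusted CA is reached, else None."""
    for i, cert in enumerate(chain):
        if i > 0 and not cert.is_ca:
            return None                      # only CA certificates may sign others
        parent = chain[i + 1] if i + 1 < len(chain) else None
        if cert.issuer in anchors:
            n = anchors[cert.issuer]
        elif parent and parent.subject == cert.issuer:
            n = parent.pubkey
        else:
            return None                      # issuer unknown to the relying party
        if pow(cert.sig, E, n) != digest(cert.tbs(), n):
            return None                      # signature does not match contents
        if cert.issuer in anchors:
            return chain[0].subject, chain[0].pubkey
    return None

# Constructed scenario: CA2 is the only CA the relying party trusts directly.
CA2, CA1, BOB, MALLORY = keypair(61, 89), keypair(89, 107), keypair(107, 127), keypair(61, 127)
ca1_cert = issue(Cert("CA1", CA1[0], "CA2", is_ca=True), CA2)
bob_cert = issue(Cert("Bob", BOB[0], "CA1"), CA1)
bogus_alice = issue(Cert("Alice", MALLORY[0], "CA1"), CA1)  # CA1 was deceived
ANCHORS = {"CA2": CA2[0]}
```

`validate([bob_cert, ca1_cert], ANCHORS)` and `validate([bogus_alice, ca1_cert], ANCHORS)` both succeed: signature checking confirms who signed a certificate, not whether the CA verified the applicant correctly, which is why the vetting described under Security carries the weight of the whole scheme.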


Largest providers

Worldwide the certificate authority business is fragmented, with national or regional providers dominating their home market. This is because many uses of digital certificates, such as for legally binding digital signatures, are linked to local law, regulations, and accreditation schemes for certificate authorities.


However, the market for SSL certificates (used for website security) supports a number of multinational companies. A 2005 Netcraft survey determined that VeriSign and its Thawte subsidiary have a 53% share of the market, followed by GeoTrust (25%), Comodo (12%), GoDaddy (4%) and Entrust (2%).[1] (GeoTrust has since been acquired by VeriSign.)


A more recent market share report from Security Space as of April 2007 determined that VeriSign and its acquisitions have a 59.6% share of the certificate authority market, followed by Comodo (8.3%), GoDaddy (5.3%), DigiCert (2.1%), Entrust (1.3%) and Network Solutions (1.1%).


Free providers

Currently there are at least four certification authorities providing third party digital certification to the public for free:

  * CAcert
  * Comodo
  * Thawte

See also

  * Certificate revocation list (CRL)
  * Robot certificate authority
  * Web of trust
  * X.509

Notes

  1. The Netcraft Secure Server Survey

The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.