Cross-Certification

Cross-certification is a useful mechanism for binding together previously unrelated CAs so that secure communications between their respective subject communities can be enabled. The actual mechanics of cross-certification (for example, the specific protocol messages exchanged) may be identical to certification (see Chapter 6, "Certificates and Certification," for a discussion of certification), except that both the subject and the issuer of the resulting cross-certificate are CAs (rather than the subject being an end-entity). When the distinction is important, the following terminology from RFC 2510 can be used:

  • If the two CAs belong to the same domain (for example, within an organization's CA hierarchy, where a CA at ...
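The binding described in the opening paragraph can be seen in a small path-building model. This is an added example, not code from the book: the `Cert` tuple, the CA and end-entity names, and both functions are hypothetical, and signatures, validity periods and constraints are deliberately left out. It also shows that a single cross-certificate extends trust in one direction only.

```python
from collections import namedtuple, deque

# Simplified certificate model (constructed; no signatures or validity checks).
Cert = namedtuple("Cert", "issuer subject subject_is_ca")

def is_cross_certificate(cert, ca_names):
    """True when issuer and subject are both CAs and are different CAs."""
    return (cert.issuer in ca_names and cert.subject_is_ca
            and cert.issuer != cert.subject)

def build_path(trust_anchor, target, certs):
    """Breadth-first search for a certificate chain from the relying party's
    trust anchor to the target subject. Only CA certificates may sit in the
    middle of the chain. Returns a list of Cert tuples, or None."""
    queue = deque([(trust_anchor, [])])
    seen = {trust_anchor}
    while queue:
        name, path = queue.popleft()
        for c in certs:
            if c.issuer != name or c.subject == c.issuer:
                continue  # not issued by this CA, or a self-signed root
            if c.subject == target:
                return path + [c]
            if c.subject_is_ca and c.subject not in seen:
                seen.add(c.subject)
                queue.append((c.subject, path + [c]))
    return None

# Constructed sample: two unrelated CAs, each with one end-entity.
CAS = {"CA-A", "CA-B"}
BEFORE = [
    Cert("CA-A", "CA-A", True),    # self-signed root of community A
    Cert("CA-B", "CA-B", True),    # self-signed root of community B
    Cert("CA-A", "alice", False),  # end-entity in community A
    Cert("CA-B", "bob", False),    # end-entity in community B
]
# CA-A issues a certificate whose subject is CA-B: a cross-certificate.
AFTER = BEFORE + [Cert("CA-A", "CA-B", True)]

if __name__ == "__main__":
    # A relying party anchored at CA-A cannot reach bob before the binding.
    print(build_path("CA-A", "bob", BEFORE))
    # After CA-A cross-certifies CA-B, a path exists.
    print([f"{c.issuer}->{c.subject}" for c in build_path("CA-A", "bob", AFTER)])
    # The reverse direction still has no path: CA-B has not certified CA-A.
    print(build_path("CA-B", "alice", AFTER))
```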
