Entity Naming

A certificate is a signed data structure binding a key pair (explicitly the public key, but implicitly the private key as well) to an identity. But what is an identity? Ultimately, it must be something uniquely associated with a particular PKI entity, and it must be meaningful within a context of use. Otherwise, secure communication cannot be achieved: Alice uses a certificate for the purpose of encrypting data for Bob or for the purpose of verifying Bob's signature, but if the certificate is actually (unknown to Alice) associated with some other entity, security is effectively compromised.

Depending on the size of the domain, identity uniqueness may be simple, or very difficult, to achieve. In a small, closed environment, uniqueness ...

Get Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations now with the O’Reilly learning platform.
