Certificate Path Processing
As alluded to in some of the trust model sections earlier, the purpose of certificate path processing is to find an unbroken path (or chain) of certificates between a given target certificate and a trusted key (a "trust anchor") and to check the validity of each certificate in this path. Ultimately, the final goal is for Alice to determine whether or not she can trust the public key in Bob's certificate (with respect to the purpose for which she would like to use it).
For more detail regarding path processing operations and algorithms, see the X.509 Recommendation [X.509] and "Internet X.509 Public Key Infrastructure: Certificate and CRL Profile" [RFC2459]; but in general, there are two phases to the processing: ...
Get Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.