November 1999
Intermediate to advanced
320 pages
8h 46m
English
As alluded to in some of the trust model sections earlier, the purpose of certificate path processing is to find an unbroken path (or chain) of certificates between a given target certificate and a trusted key (a "trust anchor") and to check the validity of each certificate in this path. Ultimately, the final goal is for Alice to determine whether or not she can trust the public key in Bob's certificate (with respect to the purpose for which she would like to use it).
For more detail regarding path processing operations and algorithms, see the X.509 Recommendation [X.509] and "Internet X.509 Public Key Infrastructure: Certificate and CRL Profile" [RFC2459]; but in general, there are two phases to the processing: ...