One way of doing this is to have a trusted third party authenticate and sign the keys, so that as long as the certifier is trusted, the public key can be believed. This approach is embodied in the X.509 certification standard, which defines the format of certificates that are authenticated by trusted third parties, such as the government agency responsible for telecommunications. The authentication of certificates can be delegated to other agencies, such as Internet Service Providers, thus creating a hierarchy of certifiers. When one receives a certificate, as long as one can trace a path up and down the hierarchy to a certifier one trusts, one can trust that the public key within the certificate really belongs to whoever it purports to belong to.
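The path tracing described above can be sketched as follows. This is an added example, not code from the original text: it covers the upward walk from a certificate to a trusted certifier, and it uses textbook RSA over toy keys as a stand-in for real X.509 signatures. The `Cert` record, all function names and the agency/isp/alice hierarchy are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Cert:
    subject: str
    issuer: str
    pubkey: tuple   # subject's public key (n, e)
    sig: int = 0    # issuer's signature over the three fields above

def make_key(a, b, e=65537):
    # Toy textbook RSA from Mersenne primes 2**a-1 and 2**b-1: not secure.
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def digest(cert, n):
    data = f"{cert.subject}|{cert.issuer}|{cert.pubkey}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, pubkey, issuer, issuer_priv):
    cert = Cert(subject, issuer, pubkey)
    n, d = issuer_priv
    cert.sig = pow(digest(cert, n), d, n)
    return cert

def verify_sig(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.sig, e, n) == digest(cert, n)

def validate(cert, store, trusted, max_depth=8):
    """Follow issuer links upward until a certifier we already trust."""
    for _ in range(max_depth):
        if cert.issuer in trusted:   # key held out of band
            return verify_sig(cert, trusted[cert.issuer])
        parent = store.get(cert.issuer)
        if parent is None or not verify_sig(cert, parent.pubkey):
            return False
        cert = parent
    return False   # no trusted certifier reached (also stops issuer loops)

# Constructed hierarchy: agency -> ISP -> alice (all names are made up).
agency_pub, agency_priv = make_key(89, 107)
isp_pub, isp_priv = make_key(61, 127)
alice_pub, _ = make_key(31, 521)
trusted = {"agency": agency_pub}
store = {"isp": issue("isp", isp_pub, "agency", agency_priv)}
alice = issue("alice", alice_pub, "isp", isp_priv)
forged = Cert("alice", "isp", make_key(17, 19)[0], alice.sig)  # swapped key
print(validate(alice, store, trusted), validate(forged, store, trusted))
```

A certificate is accepted only when every signature on the path verifies and the path ends at a certifier whose key the verifier already holds; a self-signed certifier that is not in `trusted` never satisfies the second condition.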
Jon CROWCROFT
1998-12-03