2.6. Public key certificates

One complication in using public key cryptography is ensuring that a particular public key belongs to the person you think it does. In a small organisation you might be given a copy of a public key by its owner who you already know, or perhaps by a third party who is willing to vouch for the identity of the key owner. But this does not work on a global scale.

Public key certificates resolve this. Such a certificate consists of a public key and sufficient information to identify the owner of that key, the whole thing digitally signed by some third party whom everyone chooses to trust. In this way an identity and the corresponding public key pair are bound together: neither the name nor the key can be altered without invalidating the third party's signature.

TLS, and almost all other applications of public key certificates, uses the X.509 certificate format. The X.509 standard was part of the much larger CCITT X.500 directory project, which has largely fallen by the wayside, though current standards like LDAP preserve some of its more useful features. X.509 certificates were invented to address security needs elsewhere in X.500 and have subsequently been adopted for other applications. While this history is largely irrelevant today, these certificates do have some odd features (as we will see) which they owe to this strange background.
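As an added illustration (not part of the original text), the binding just described can be seen end to end with Go's standard X.509 library: a constructed "trusted third party" signs a subject's name together with its public key, and a relying party checks that signature against the root it has chosen to trust. The names "Trusted CA" and "alice.example" and the helper names are assumptions made up for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newKey generates a fresh P-256 key pair, for either a CA or a subject.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// certify signs the pair (name, pub) with signer's private key. With parent == nil
// the certificate is self-signed, which is how the trust root itself is made.
func certify(name string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	selfSigned := parent == nil // in this example only the trust root is self-signed
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name}, // the identity half
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  selfSigned,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if selfSigned {
		parent, t.KeyUsage = t, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer) // the key half goes in here
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify is the relying party's check: does cert's signature chain to a root it
// trusts? The same certificate fails against any root that did not sign it.
func verify(cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}
```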