
Certification Authorities and Certificate Transparency

A certification authority (CA) or Trust Service Provider (TSP) is a trusted entity that issues electronic documents that associate a digital entity’s identity with a cryptographic key. These electronic documents, called digital certificates, are an essential part of secure communication and play an important part in the public key infrastructure (PKI).

Certificates typically include the holder’s public key, the expiration date of the certificate, the holder’s name and other information about the public key owner. Operating systems and browsers maintain lists of trusted CA root certificates to verify certificates that a CA has issued and signed.

Although any entity can issue digital certificates for secure communications, there are so many requirements to do it properly that it is better for e-commerce websites to buy certificates issued by commercial CAs.

Typically, the longer a CA has been operational, the more browsers and devices will trust the certificates it issues.

As a way to harden the security of certificates, some CAs implement Certificate Transparency.

Certificate Transparency fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections.

These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities.

~ by jinza on December 2, 2016.


