PKI 3/9

• The certification process can be iterated (arbitrarily often), meaning that a CAës certificate can be certified by another CA (resulting in a certificate chain)

• A certificate chain must be verified until a root CA is reached

• Note, however, that a certificate can only be trusted iff

  • every certificate in the chain is successfully verified
  • every CA in the certificate chain can be trusted

• In practice, certificate chains are short and seldom verified for trustworthiness

• Also, the concept of cross-certification is of low practical value and seldom used between certification service pro-viders

Previous slide

Next slide

Back to first slide

View graphic version