Public-Key Management Models

In this section, we consider different public-key management models. We begin by discussing the issue of trusting CAs, particularly techniques for joining CA domains. We then examine the relationship between a relying party and a CA and define several management models.

Choosing a CA

In a closed environment, the choice of who will play the role of a CA may be straightforward since central administrative functions within an organization are well placed to serve such a role. Choosing an organization to play the role of a CA in an open environment is less straightforward. Currently, most CAs serving open environments are commercial organizations who have made it their business to be ‘trusted’ to play the role of a CA.

While CAs serving open environments can be regulated to an extent by commercial pressure (if they fail to offer attractive services or experience reputational damage, then they are likely to suffer financially), the importance of their role may demand tighter regulation of their practices. Options for this include:

• Licensing: This approach requires CAs to obtain a government license before they can operate. Government, thus, ultimately provides the assurance that a CA conforms to minimum standards.

• Self-regulation: This approach requires CAs to form an industry group and set their minimum operational standards by establishing best practices.

In the UK, licensing was considered in the 1990s but was met with considerable objections from the industry. Currently, the self-regulation approach is being adopted.

Public-key certificate management models

The owner of a public-key certificate has, by necessity, placed some trust in the CA who issued the certificate. This may be because the owner belongs to the same organization as the CA (typically in closed environments) or because the owner and the CA have a direct business relationship (typically in open environments).

However, the same cannot necessarily be said for a relying party. Indeed, the relationship between a relying party and the public-key certificate owner’s CA defines several distinct public-key certificate management models, which we now review.

CA-free certification model

The CA-free certification model is depicted in the illustration below and applies when there is no CA involved. In the CA-free certification model, the owner generates a key pair and then either self-signs the public key or does not use a public-key certificate at all. Any relying party obtains the (self-signed) public key directly from the owner. For example, the owner could include their public key in an email signature or write it on a business card. The relying party then has to make an independent decision as to whether they trust the owner or not. The relying party thus carries all the risk in this model. A variation of this idea is the web of trust model.