Chapter 6. Certificates and Certification

As Chapter 2, "Public-Key Cryptography," discussed, public-key cryptography involves the use of public/private key pairs to facilitate digital signature and key management services. The fundamental principle that enables public-key technology to scale is the fact that the public component of the public/private key pair may be distributed freely among the entities that need the public component to use the underlying security services. (See Chapter 4, "Core PKI Services: Authentication, Integrity, and Confidentiality," and Chapter 5, "PKI-Enabled Services," for more information regarding security services enabled through the use of a PKI.)

However, distribution of the public component without some form of integrity protection would defeat the very foundation for these security services. Thus, the public-key component must be protected—but in such a way that it will not impact the overall scalability that public-key cryptography techniques offer.