Validation Authority
   HOME

TheInfoList



Click Here for Items Related To - Validation Authority
OR:
Validation Authority on:   [Wikipedia]   [Google]   [Amazon]

In
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to fac ...
, a validation authority (VA) is an entity that provides a service used to verify the validity or
revocation status In public key cryptography, a certificate may be revoked before it expires, which signals that it is no longer valid. Without revocation, an attacker could exploit such a compromised or misissued certificate until expiry. Hence, revocation is an ...
of a
digital certificate In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, informa ...
per the mechanisms described in the
X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure ...
standard and (page 69).


Application

The dominant method used for this purpose is to host a
certificate revocation list In cryptography, a certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". Publicly trusted C ...
(CRL) for download via the
HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...
or
LDAP The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed Directory service, directory information services over an Internet Protocol (IP) networ ...
protocols. To reduce the amount of
network traffic Network traffic or data traffic is the amount of data moving across a network at a given point of time. Network data in computer networks is mostly encapsulated in network packets, which provide the load in the network. Network traffic is the main ...
required for certificate validation, the OCSP protocol may be used instead.


Advantages

While this is a potentially labor-intensive process, the use of a dedicated validation authority allows for dynamic validation of certificates issued by an offline root certificate authority. While the root CA itself will be unavailable to network traffic, certificates issued by it can always be verified via the validation authority and the protocols mentioned above. The ongoing administrative overhead of maintaining the CRLs hosted by the validation authority is typically minimal, as it is uncommon for root CAs to issue (or revoke) large numbers of certificates.


Limitations

While a validation authority is capable of responding to a network-based request for a CRL, it lacks the ability to issue or revoke certificates. It must be continuously updated with current CRL information from a
certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
which issued the certificates contained within the CRL.


References


External links


Crypto Wallets Overview
{{DEFAULTSORT:Certificate Authority Key management Certificate revocation Public-key cryptography Public key infrastructure Transport Layer Security