Certificate Authority vs key server

A C.A. is a high-standard trusted third party which checks the identity of all users.  A key server is a more casual setting, usually used by a University or a Research Institute for research or education purposes.  In other words, a key server provides technology support similar to that of a C.A., but without any legal implication.  In the following we demonstrate one way of using a key server:
a) There is a private-public key pair for the key server.
b) The key server's public key is known to all parties, by some means.
c) When user A wants to use the public key system, he does the following:

Methods of distributing public keys

Public key certificates are deposited to a public directory system, which is essentially a telephone book of the public key certificates on the Internet.

Another way to distribute public keys is to give a public key certificate to the owner. When Thomas wants to send a digitally signed message to Peter, he knows that his public key will be needed by Peter, so he can forward his public key certificate to Peter. Peter can verify the C.A.'s digital signature on the certificate to confirm that Thomas's public key on the certificate is correct. This saves Peter a trip to get Thomas's public key from the directory service.
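The check Peter performs can be sketched in code. This is an added example, not part of the original page: the C.A. signs the pair (owner name, owner public key), and anyone holding only the C.A.'s public key can detect a certificate whose key or name has been altered. The function names, the certificate layout, the user "Mallory" and the toy textbook-RSA keys built from Mersenne primes are all assumptions made for illustration.

```python
import hashlib

# Toy key material, constructed for this example: textbook RSA over
# well-known Mersenne primes, no padding. Far too weak for real use; a real
# C.A. would use a vetted library and standard X.509 certificates.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(name, subject_key, n):
    """Hash the certificate fields (owner name + owner public key) into Z_n."""
    data = f"{name}|{subject_key[0]:x}|{subject_key[1]:x}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(ca_private, name, subject_key):
    """C.A. side: bind a name to a public key by signing their digest."""
    n, d = ca_private
    return {"name": name, "public_key": subject_key,
            "signature": pow(digest(name, subject_key, n), d, n)}

def verify_certificate(ca_public, cert):
    """Receiver side: check the C.A.'s signature with the C.A.'s public key only."""
    n, e = ca_public
    expected = digest(cert["name"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected

CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
THOMAS_PUBLIC, _ = make_keypair(2**89 - 1, 2**107 - 1)
MALLORY_PUBLIC, _ = make_keypair(2**61 - 1, 2**607 - 1)  # hypothetical third user

def demo():
    # Thomas forwards `cert` to Peter; the other two are altered copies.
    cert = issue_certificate(CA_PRIVATE, "Thomas", THOMAS_PUBLIC)
    swapped_key = dict(cert, public_key=MALLORY_PUBLIC)  # wrong key, same name
    renamed = dict(cert, name="Peter")                   # same key, wrong name
    return (verify_certificate(CA_PUBLIC, cert),
            verify_certificate(CA_PUBLIC, swapped_key),
            verify_certificate(CA_PUBLIC, renamed))

if __name__ == "__main__":
    print(demo())
```

The verification step never touches the C.A.'s private key, which is why the certificate can travel with the message instead of being fetched from the directory.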

Importance of selecting a C.A.

I.   A Certification Authority, or Key Server, issues public key certificates, which store the correct public key for every user.
II.  Because of this, the proper functioning of the C.A. or Key Server is very important: it is the organisation that generates the ‘telephone book’ of public keys.  Management or technical loopholes in the C.A. or Key Server will affect all people.  (Imagine what happens if the telephone book entries are wrong.)
III. Therefore, selecting which C.A. or Key Server to use is a very important issue.  You must use a trustworthy one.

Copyright © 1999 Department of Computer Science and Information Systems, The University of Hong Kong. All rights reserved.