Certification Authority chains

Using this certificate, Alice can claim that her public key is trustworthy. Bob who wants to communicate with her, asks for her Certificate. Bob, in order to verify her Certificate, finds the public key of the Certification Authority that signed the Alice's public key. He needs to do that securely. If they are both on the same Certification Authority then he has it already. If not, he asks his Certification Authority to contact the other Certification Authority for its public key. For each Certification Authority Bob's Certification Authority asks, he needs the public key of the previous one so that the authenticity of the key is assured. If a chain can be found that leads to the other Certification Authority then communication can be established.

Note

The issue of inter-CA trust is very important since one bad CA can undermine the security of the whole infrastructure. This issue is not covered here (at least in this version).