Validation Authority
In public key infrastructure, a validation authority (VA) is an entity that provides a service used to verify the validity of a digital certificate per the mechanisms described in the X.509 standard and (page 69). The dominant method used for this purpose is to host a certificate revocation list (CRL) for download via the HTTP or LDAP protocols. To reduce the amount of network traffic required for certificate validation, the OCSP protocol may be used instead. While a validation authority is capable of responding to a network-based request for a CRL, it lacks the ability to issue or revoke certificates. It must be continuously updated with current CRL information from the certificate authority (CA) which issued the certificates contained within the CRL. While this is a potentially labor-intensive process, the use of a dedicated validation authority allows for dynamic validation of certificates issued by an offline root certificate authority. While the root CA itself will be unavailable to network traffic, certificates issued by it can always be verified via the validation authority and the protocols mentioned above. The ongoing administrative overhead of maintaining the CRLs hosted by the validation authority is typically minimal, as it is uncommon for root CAs to issue (or revoke) large numbers of certificates.
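The following is an added worked example, not code from the original article, showing the division of roles described above in Python with the `cryptography` library: an offline root CA issues certificates and signs a CRL, and a separate validation authority object holds only the CA's trust anchor and the most recent CRL it was handed. The VA answers OCSP-style `good` / `revoked` / `unknown` queries, refuses a CRL that the trusted CA did not sign, and answers `unknown` once the CRL's nextUpdate has passed without a refresh from the CA. All names, serial numbers and keys are constructed for the example; the `_crl_next_update` helper and the `demo` function are hypothetical conveniences, not part of any real VA product.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

PEM = serialization.Encoding.PEM

def _crl_next_update(crl):
    # cryptography >= 42 exposes next_update_utc; older versions return a naive UTC datetime
    nxt = getattr(crl, "next_update_utc", None)
    return nxt if nxt is not None else crl.next_update.replace(tzinfo=timezone.utc)

def make_root_ca(name="Toy Offline Root CA"):
    # Self-signed EC root (constructed); in practice this key lives on an offline machine.
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    now = datetime.now(timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(subject).public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=1)).not_valid_after(now + timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def issue_cert(ca_key, ca_cert, common_name):
    # End-entity certificate signed by the root: only the CA can do this, never the VA.
    key = ec.generate_private_key(ec.SECP256R1())
    now = datetime.now(timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
            .issuer_name(ca_cert.subject).public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=1)).not_valid_after(now + timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))

def build_crl(ca_key, ca_cert, revoked_serials, lifetime=timedelta(days=7)):
    # CA side: sign a CRL of revoked serials; nextUpdate bounds how long a VA may keep serving it.
    now = datetime.now(timezone.utc)
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(now - timedelta(minutes=1)).next_update(now + lifetime))
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now)
                 .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
                 .build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256())

class ValidationAuthority:
    """Holds the CA's trust anchor plus the latest CRL it was fed; it answers, it cannot revoke."""

    def __init__(self, ca_cert):
        self.ca_cert = ca_cert
        self.crl = None

    def load_crl(self, crl_pem):
        # Accept a CRL only if the trusted CA signed it, so a forged CRL cannot change answers.
        crl = x509.load_pem_x509_crl(crl_pem)
        if crl.issuer != self.ca_cert.subject or not crl.is_signature_valid(self.ca_cert.public_key()):
            raise ValueError("CRL was not issued by the trusted CA")
        self.crl = crl

    def status(self, cert_pem, now=None):
        # OCSP-style answer: "good", "revoked" or "unknown"; fail closed when the CRL is missing or stale.
        now = now or datetime.now(timezone.utc)
        cert = x509.load_pem_x509_certificate(cert_pem)
        try:  # vouch only for certificates our CA really signed
            self.ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                             ec.ECDSA(cert.signature_hash_algorithm))
        except Exception:
            return "unknown"
        if self.crl is None or _crl_next_update(self.crl) < now:
            return "unknown"  # past nextUpdate: the CA has not refreshed us, so say nothing
        if self.crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
            return "revoked"
        return "good"

def demo():
    # Full CA -> CRL -> VA flow; returns what a relying party would be told in each case.
    ca_key, ca_cert = make_root_ca()
    good = issue_cert(ca_key, ca_cert, "good.example")
    bad = issue_cert(ca_key, ca_cert, "bad.example")
    va = ValidationAuthority(ca_cert)
    va.load_crl(build_crl(ca_key, ca_cert, [bad.serial_number]).public_bytes(PEM))
    rogue_key, rogue_ca = make_root_ca()  # same name, different key: a CRL the VA must reject
    try:
        va.load_crl(build_crl(rogue_key, rogue_ca, [good.serial_number]).public_bytes(PEM))
        rogue_accepted = True
    except ValueError:
        rogue_accepted = False
    later = datetime.now(timezone.utc) + timedelta(days=8)  # beyond nextUpdate with no refresh
    return {"good": va.status(good.public_bytes(PEM)),
            "revoked": va.status(bad.public_bytes(PEM)),
            "rogue_crl_accepted": rogue_accepted,
            "stale": va.status(good.public_bytes(PEM), now=later)}
```

Calling `demo()` returns `good` for the unrevoked certificate, `revoked` for the listed one, `False` for the forged CRL being accepted, and `unknown` once the CRL has aged past its nextUpdate. The stale case is the operational point of the article: the VA never decides revocation itself, so if the CA stops feeding it fresh CRLs the only honest answer is that it does not know.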