be provided to enable each user to be aware of the policies governing any certificate that he may encounter. In particular, a user should be able to establish how carefully and thoroughly the CA authenticated owner identity of the public key before certifying the association between the user and the key.
• Trusted Certificate Authority. Digital signatures are used to ensure sender authentication, nonrepudiation, and message integrity. To trust these security services, the user needs to be assured that the public key used to verify a signature is actually the key of the person who signed the transaction. To ensure that certificates are generated by and obtained from trusted sources, mechanisms are needed to prevent any user from creating false certificates that are signed with the user's regular private key. Even though a signature can be verified by employing the user's properly certified public key, the false certificates must not be accepted as legitimate. Then a pretender cannot create signatures that will be accepted because they are verified using keys obtained from the false certificates. Since the CA performs user authentication at key certification time and is responsible for keeping the user's name and public key associated, each CA must be a trusted entity, at least to the extent defined in the pertinent PCA policies. This implies the provision of some security protection for each CA, specifically the private key of the CA, so that the CA cannot be modified or impersonated. Certification policies can specify the security measures that a particular CA undertakes. Users must determine whether the CA is sufficiently trustworthy for their applications. The basic trust rests in the certification policies and security mechanisms established for the infrastructure.
• User Affiliation. To have a CA certify a public key, a user must provide a unique name in addition to the public key that is to be certified. That name usually contains the user's organizational affiliation. It is possible, however, that some private citizens may wish to have their keys certified independently of any organization. Therefore, provisions for certifying private citizens must also be made.
• Privacy of User's Identity. Some users may wish to remain anonymous but still register with a CA. This may require the establishment of certification agencies that would register users requesting nondisclosure of their identification information. Alternatively, policy choices in different segments of the infrastructure could include or exclude anonymous certificates.