Joining CA Domains

Let’s learn about the connected certification model.

The connected certification model is of particular interest because it allows public-key certificates to be used in environments where the owner and relying party do not have trust relationships with the same CA.

We will now assume both the owner Alice and relying party Bob have relationships with their own CAs, which we label CA1 and CA2, respectively (so, for simplicity, we now assume the validation authority in the illustration below is a CA).

We now consider the nature of the relationship between CA1 and CA2. In particular, we will look at techniques for ‘joining’ their respective CA domains and allowing certificates issued by CA1 to be ‘trusted’ by relying on parties who have trust relationships with CA2.

Get hands-on with 1400+ tech skills courses.