PKI as a Trusted Third-Party Protocol
PKI does not eliminate the need to authenticate public keys when they are exchanged in an asymmetric encryption environment, but it solves the scalability problem of that process. It uses the concept of a single, trusted introducer. Instead of securely exchanging all public keys among all devices, only the public key of the trusted introducer has to be securely distributed to all devices, as shown in Figure 25-2. This is usually done by downloading the public key and then verifying it out of band. The trusted introducer performs the role of authentication for the devices: if two devices are authenticated by the trusted introducer, they are considered authenticated to each other; if they are not authenticated by the trusted introducer, they are not authenticated to each other. Essentially, the devices have an explicit (configured) trust to believe anything the trusted introducer tells them.
Figure 25-2. Using the Public Key of the Trusted Introducer
When all devices know the authentic key of the introducer, the introducer can guarantee the authenticity of the public keys of all devices by using a certificate for each device in the topology. The certificate includes information about the identity of a device and its public key. The (publicly trusted) introducer then signs the certificates of the individual devices, and the devices can directly distribute their public keys by sending their certificates. A device receiving such a certificate can verify it by checking the signature of the issuer (the introducer).
Every user in the system trusts information provided by the introducer. In practice, this is accomplished by digital signatures. Anything that the introducer signs is considered to be trusted. To verify the signatures of the trusted introducer, each user of this system must first obtain the public key of the trusted introducer. To become a part of the trust system, all end users enroll with the introducer; that is, they submit their identity and their public key to the introducer, as shown in Figure 25-3.
Figure 25-3. Exchanging Public Keys
The trusted introducer then verifies the identity and public key of each enrolling user and, if they are correct, digitally signs the submitted public key with the private key of the introducer. The result is a kind of "document" (certificate) for each user that contains the identity (name) of the user and the public key of the user, bound together by the signature of the trusted introducer; the trusted introducer returns this signed document to the user. As shown in Figure 25-4, each user now possesses a public and private key pair, the public key of the trusted introducer, and a document with the identity and public key of the user. This document is signed by the trusted introducer.
Figure 25-4. Generation of a PKI Certificate
Because every user now holds both a document containing the correct name and public key, signed by the trusted introducer, and the public key of the trusted introducer, each of them can verify any data signed by the trusted introducer. The entities can now (independently of the trusted introducer) establish point-to-point trusted relationships by exchanging information about themselves in the form of that document.
In practice, this means that at this stage the end users can mutually exchange signed public keys over an insecure medium and use the digital signature of the trusted introducer as the protection mechanism for the exchange. Again, the signature of the trusted introducer is trusted because it can be verified (the entities have the public key of the trusted introducer), and the trusted introducer and its operations are considered to be secure.
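The enrollment, certificate verification and point-to-point trust steps described above, as an added example that is not part of the original text: the "document" is modelled as an identity plus a public key signed with Ed25519 (a stand-in for the introducer's signature algorithm, which the text does not specify), and the out-of-band identity check performed by the introducer is assumed to have already happened. The names alice, bob and mallory are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// Certificate is the signed "document" from the text: identity and public key
// bound together by the trusted introducer's signature.
type Certificate struct {
	Identity  string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// tbs builds the to-be-signed bytes; the identity is length-prefixed so the
// identity and key bytes cannot be shifted into each other (identity < 256 bytes).
func tbs(identity string, pub ed25519.PublicKey) []byte {
	return append(append([]byte{byte(len(identity))}, identity...), pub...)
}

// Enroll is the introducer's step: having checked the user's identity out of
// band (not modelled here), it signs identity+key with its private key.
func Enroll(introducerPriv ed25519.PrivateKey, identity string, pub ed25519.PublicKey) Certificate {
	return Certificate{identity, pub, ed25519.Sign(introducerPriv, tbs(identity, pub))}
}

// VerifyCert is what a device does with a certificate received over an insecure
// medium: check the introducer's signature with the introducer key it already holds.
func VerifyCert(introducerPub ed25519.PublicKey, c Certificate) bool {
	return ed25519.Verify(introducerPub, tbs(c.Identity, c.PublicKey), c.Signature)
}

// VerifyPeerMessage is the point-to-point trust step: the peer's public key is
// used only after its certificate has been verified against the introducer.
func VerifyPeerMessage(introducerPub ed25519.PublicKey, c Certificate, msg, sig []byte) bool {
	return VerifyCert(introducerPub, c) && ed25519.Verify(c.PublicKey, msg, sig)
}
func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	aliceCert := Enroll(caPriv, "alice", alicePub)
	msg := []byte("hello bob")
	fmt.Println("genuine:", VerifyPeerMessage(caPub, aliceCert, msg, ed25519.Sign(alicePriv, msg)))
	forged := aliceCert // identity swapped in transit: the binding breaks
	forged.Identity = "mallory"
	fmt.Println("tampered:", VerifyCert(caPub, forged))
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // an introducer nobody trusts
	fmt.Println("rogue introducer:", VerifyCert(caPub, Enroll(roguePriv, "alice", alicePub)))
}
```

Only the introducer's public key has to be distributed securely; every certificate and every peer signature can travel over the insecure medium and still be checked.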