AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility by Mahsa Nakhjiri, Madjid Nakhjiri

9.1. Public Key Infrastructures: Concepts and Elements

9.1.1. Certificates

Digital certificates are used to present information about the user's identity and public key for various purposes. However, a trusted authority needs to guarantee the information in the certificate, especially the public key data, so that such information can be trusted to be free of tampering. Without an assurance from a trusted and known authority, the certificate is almost the same as a business card. Any person can choose any title with an affiliated company, phone number and other information and print a business card on her own. There is almost nothing on the business card (except possibly the company's logo) that can be guaranteed. On the other hand, in the case of a digital certificate, a trusted certificate authority (CA) issues the certificate on behalf of the user and signs the certificate with its own (the CA's) private key. This way the CA vouches that the user, whose identity and public key are included in the certificate, does in fact hold the corresponding private key. A user that has been granted the certificate can from now on use the certificate as a proof of identity and as a way to inform its peers about its own public key.

Of course, the format in which the certificate is produced and presented plays an important role for the interoperability of various elements of the security architectures. Table 9.1 shows the format called X.509 for certificates [X5093280].