Revision as of 00:38, 16 May 2014 edit Timtempleton (talk \| contribs) Extended confirmed users 15,670 edits Added intra-Wiki link ← Previous edit		Revision as of 07:11, 16 May 2014 edit undo Magioladitis (talk \| contribs) Extended confirmed users, Rollbackers 908,596 edits m clean up using AWB (10193) Next edit →
Line 1: The '''certification path validation algorithm''' is the [[algorithm]] which verifies that a given '''certificate path''' is valid under a given [[public key infrastructure]] (PKI). A path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted [[root certificate]], typically issued by a trusted [[Certification Authority]] (CA). Path validation is necessary for a [[~~Relying party\|~~relying party]] to make an informed trust decision when presented with any certificate that is not already explicitly trusted. For example, in a hierarchical PKI, a certificate chain starting with a web server certificate might lead to a small CA, then to an intermediate CA, then to a large CA whose trust anchor is present in the relying party's web browser. In a bridged PKI, a certificate chain starting with a user at Company A might lead to Company A's CA certificate, then to a bridge CA, then to company B's CA certificate, then to company B's trust anchor, which a relying party at company B could trust. RFC 5280 <ref>RFC 5280 (May 2008), chapter 6., a standardized path validation algorithm for [[X.509]] certificates.</ref> defines a standardized path validation algorithm for [[X.509]] certificates, given a certificate path. (Path discovery, the actual construction of a path, is not covered.) The algorithm takes the following inputs:

Certification path validation algorithm: Difference between revisions