Who are You?

The resolution to this increasingly complicated Gordian knot is proffered up by the ``certificate'' construct. A ``certificate'' is simply a article which allows for the ``secure'' distribution of a public key. A certificate consists of a particular document along with its signature. This document is partitioned into three parts. The first part contains information identifying the entity creating the certificate, the second part contains information identifying the entity for whom the certificate is being issued, and the third part contains the public key of the entity for whom the certificate is being issued. In addition to these three sections, a certificate will often contain various other technical information such as the version of the certificate formatting used, the signature algorithm used, and the date range for which the certificate is valid. A certificate consists of this document along with its signature, generated by the private key of the entity creating the certificate, see figure . So, that's all fine and good you say, but how can we stick-it to those bastard ``Double 0's'' with this certificate thing your going on about?

The problem we had previously with those bastard ``Double 0's'' was that one of them could intercept our public key on it's maiden journey to the King leaving the King with a bogus version of our, Leonardo's, public key. Say if we ab initio, instead of launching to our leige a public key missive, dispatched a certificate containing our public key. Why is this any better? If we we made this certificate ourselves, then using a certificate is not any better. The signature, which is part of the certificate, that the King could use to validate the document part of the certificate relies upon the King having a real copy of our public key. But, this is the problem we are trying to solve! So, this doesn't help us one lick. What good are these certificate things anyways?

Assume that instead of issuing ourselves a certificate we take a stroll down to the Uffizi and ask the mandarins and their factotums to issue us a certificate. We give them our public key and they make quick work of it and hand us back a crisp new certificate with a signature generated using the Uffizi private key. So, why is the Uffizi certificate any better then our self-issued certificate?

The Uffizi, and renaissance Florence in general, had the same problem as your liege Francis I had, the ``problem'' of to much filthy lucre. So, the factotums at the Uffizi can afford, like your vassal the King, to gazette the Uffizi public key in all the press of the land. Now if we sent this Uffizi issued certificate to the King instead of our public key, then all our problems are solved. Upon obtaining the Uffizi issued certificate the King can simply crack open any magazine and find the Uffizi public key, then verify that the certificate was not modified in transit. Furthermore, the King he can double-check things by not only looking in one rag for the Uffizi public key, but in ten, twenty, or thirty rags to verify the value of the Uffizi public key. Now the King can be sure that the certificate he obtained from us has not been touched by any of those bastard ``Double 0's.'' As a result of this, our liege, the King, now has a valid copy of our public key and our previous design on conveying our anatomical treatise to the King can proceed without a hitch. Now Pope Leo X, the ``Double 0's,'' and that degli Specchi clown can osculate our posterior.

We can go even further in securing our treatises than this using a construct called ``certificate chains.'' Consider the smaller provinces in Italy which might not have the fiscal wherewithal to plaster their public key across the billboards of renaissance Italy. What are they to do? How do the vast unwashed masses lay hands upon the public keys of these less fortunate territories. Actually, when you think about it, you finds that these territories were in the same boat as you, Leonardo, was at the start of this story. They and you don't have the green gelt with which to writ large your public keys. So, they should do exactly what you did before, get a certificate from someone loaded with loot, say the Ufizzi. In turn these smaller territories can issue certificates to their populace using the private key/public key pair for which they own a certificate. However, when it comes to validating the certificate of one of these village dwellers, we have to do everthing at least twice. We use the certificate of this little village to validate the certificate of the village dwellers, then we use the certificate of the Uffizi to validate the certificate of the little village. The Uffizi's public key is in all the rags of the land; so, we can easilly verify their public key. This chain of validation is called a certificate chain, and is used often in modern security systems. As a slight modification to this game of telephone, the final public key in the chain is often presented as a self-signed certificate. In other words the Uffizi doesn't publish their public key in the tabloids but publishes a certificate issued by the Ufizzi to the Uziffi. This self-signed certificate will be used as the last link in the chain. With all this wind at our back Pope Leo can eat our dust.