| (I) A CA that is directly trusted by an end entity. Acquiring the
value of a root CA's public key involves an out-of-band procedure.

(I) Hierarchical PKI usage: The CA that is the highest level (most
trusted) CA in a certification hierarchy; i.e., the authority upon
whose public key all certificate users base their trust. (See: top
CA.)

(C) In a hierarchical PKI, a root issues public-key certificates
to one or more additional CAs that form the second highest level.
Each of these CAs may issue certificates to more CAs at the third
highest level, and so on. To initialize operation of a
hierarchical PKI, the root's initial public key is securely
distributed to all certificate users in a way that does not depend
on the PKI's certification relationships. The root's public key
may be distributed simply as a numerical value, but typically is
distributed in a self-signed certificate in which the root is the
subject. The root's certificate is signed by the root itself
because there is no higher authority in a certification hierarchy.
The root's certificate is then the first certificate in every
certification path.

(O) MISSI usage: A name previously used for a MISSI policy
creation authority, which is not a root as defined above for
general usage, but is a CA at the second level of the MISSI
hierarchy, immediately subordinate to a MISSI policy approving
authority.

(O) UNIX usage: A user account (also called "superuser") that has
all privileges (including all security-related privileges) and
thus can manage the system and its other user accounts.
|
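As an added illustration of the hierarchical PKI usage above (not part of the glossary text): a toy path validator in which the root's public key is pinned out of band and every certification path starts at the root's self-signed certificate. The textbook RSA keys built from fixed primes, the Cert fields, and the names CA2 and host are assumptions made for this example and are not secure for real use.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent for all toy keys (constructed example, insecure)

def keygen(p, q):  # textbook RSA from fixed primes, for illustration only
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public n, private d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:
    subject: str
    issuer: str
    pub: int      # subject's public modulus
    sig: int = 0
    def tbs(self):  # the bytes covered by the issuer's signature
        return f"{self.subject}|{self.issuer}|{self.pub}".encode()

def issue(subject, pub, issuer, n, d):
    c = Cert(subject, issuer, pub)
    c.sig = pow(digest(c.tbs(), n), d, n)  # sign with the issuer's private key
    return c

def signed_by(cert, issuer_n):
    return pow(cert.sig, E, issuer_n) == digest(cert.tbs(), issuer_n)

def validate_path(path, anchor_pub):
    # Trust comes from anchor_pub (obtained out of band), not from path[0] itself.
    if path[0].pub != anchor_pub:
        return "untrusted root"
    if path[0].subject != path[0].issuer or not signed_by(path[0], anchor_pub):
        return "bad root certificate"
    for parent, child in zip(path, path[1:]):
        if child.issuer != parent.subject or not signed_by(child, parent.pub):
            return f"broken link at {child.subject}"
    return "valid"

def demo():
    root_n, root_d = keygen(2**521 - 1, 2**607 - 1)
    ca_n, ca_d = keygen(2**89 - 1, 2**127 - 1)
    rogue_n, rogue_d = keygen(2**61 - 1, 2**107 - 1)  # a different, unpinned "root"
    good = [issue("Root", root_n, "Root", root_n, root_d),
            issue("CA2", ca_n, "Root", root_n, root_d),
            issue("host", 0xC0FFEE, "CA2", ca_n, ca_d)]
    forged = [issue("Root", rogue_n, "Root", rogue_n, rogue_d),
              issue("host", 0xC0FFEE, "Root", rogue_n, rogue_d)]
    return (validate_path(good, root_n), validate_path(forged, root_n),
            signed_by(forged[0], rogue_n))
```

Calling demo() returns ("valid", "untrusted root", True): the forged root's self-signature verifies, yet the path is rejected because its key is not the one distributed out of band.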