What is cross-certification?
The identity given in a digital certificate has to be validated by the Certification Authority (CA) before the certificate is issued. Since there is not going to be one single, centralized CA registering all people and organizations, there will have to be several, probably more than one per country. So if you’re going to base your electronic relationships on what’s in the certificate, then you need some standard(s) that everyone follows about how they identify certificate users, what checks they do, how they check on financial worth and so on. We already have something broadly similar in driving licenses. It doesn’t really matter where you got a driving license from; as long as it’s valid, you can hire a car in almost any country. So we have agreed that although driving tests are different in all countries, they all equate to the same standard. That is cross-certification for motorists. Cross-certification for PKI (as normal) isn’t nearly so simple. Because technologists and lawyers wor
In this model, the CCF issues cross-certificates to departmental Certification Authorities, provided that they meet all the requirements for cross-certification. The requirements are set out in the PKI Policy and in the Cross-certification: Methodology and Guidelines[10] published by the Policy Management Authority (PMA). Essentially, the process is designed to establish a relationship of trust between two or more Certification Authorities, so that each can rely on the other to issue certificates in accordance with standards and to a level of assurance at least equivalent to its own. In the cross-certification model, it is the PMA that determines whether a CA meets all the conditions of cross-certification. The exchange of cross-certificates means that the PMA is satisfied that the certificates issued by the subordinate CA are reliable. All departmental CAs that are cross-certified with the CCF can trust and rely upon each other’s certificates as if they had issued them themselves. Within t