Root Key Certificate
The growing use of the Internet for commerce, communication and collaboration has significantly increased the need for online security. Certification Authorities, who provide network, Internet and application security solutions for communicating and conducting business, are a key link in the Internet security chain. Simply, a Certification Authority acts as a trusted third party whose purpose is to securely sign certificates for network entities it has authenticated using secure means. Other network entities can then check the Digital Signature to verify that a CA has authenticated the bearer of a certificate.
CAs require highly evolved infrastructure and business processes to manage complex and variable environments including PKI services, root key management, validation processes, customer support, evolving security threats, database management and monitoring, user Authentication and vulnerability identification and remedy. Further, these systems must support diverse stakeholder groups - consumers, enterprises, ISP's, browser providers and government agencies. Comodo's status as an official WebTrust-certification authority is verified annually by the global accounting firm KPMG.
A key component of a CA's operation is acceptance of a CAs certificates within browsers, e.g. Microsoft, Opera etc. This is enabled by Root Keys which browser providers incorporate into their operating system. Once a Root Key is a trusted Root Key - any Digital Certificate issued from that Root Key Certification Authority will be trusted as a legitimate.
A quick primer on root keys:
- Root keys are incorporated into browsers so that certificates using these established and trusted root keys can provide assurance to users. Only the root keys of trusted CA.s or issuers are included in browsers.
- Root keys not recognized by a browser provider will generate a warning box from the browser providers.
- When the Root Program was first introduced it contained only 16 roots representing on 7 US organizations.
- Today, Comodo is the second largest owners of root keys owning 11 root keys, (VeriSign is the largest owner with 13 root keys)