| After years of development, various domestic regions, industries and organizations have set up their own information platforms, which in turn has given rise to the problem of "information isolated islands". The same problem exists in the infrastructure of information security: the construction of PKI and CAs. The isolation of trust domains is becoming the bottleneck in the development of the domestic information security industry, and it affects the further application and progress of information technology as well as the healthy development of that industry. The major technology for realizing interoperability among trust domains is "cross-certification". But as the number of trust domains increases, the situation becomes much more complicated. The bridge CA is designed precisely to overcome the complexity of direct cross-certification. To reduce the number of cross-certifications, a special CA, the bridge CA, is used to establish cross-certifications with the root CA of every PKI domain. Through the bridge CA, each PKI domain only needs to cross-certify its root CA with the bridge CA in order to set up trust relationships with the other PKI domains. The bridge CA does not issue certificates to end users; it is designed specifically to connect different PKI domains and works as a bridge in the whole system, which is why it is named a bridge CA. However, there are technical obstacles to realizing interoperability among the existing CAs, because they differ in when they were built, in background and purpose, and in the technology, software and hardware products they adopted.
These differences make it hard to connect to the bridge and cause many problems in technical realization. "How to build a viable bridge CA system and solve the practical problem of interoperability" is the issue discussed in this article, which includes: cross-certification and bridge connection technology; unified certificate policy and certificate format; certificate path construction and verification; ... |
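The following sketch is an added example, not code from the article: it models cross-certificates as issuer-to-subject edges, compares how many are needed for direct cross-certification versus a bridge CA, and builds a trust path from one domain's root to another. The names `RootA` to `RootE` and `BridgeCA` are constructed, and signature checking, policy mapping and revocation are deliberately not modelled.

```python
from collections import deque

# Constructed sample: five PKI domains, each represented by its root CA.
ROOTS = ["RootA", "RootB", "RootC", "RootD", "RootE"]

def mesh_edges(roots):
    """Direct cross-certification: every root CA certifies every other root CA."""
    return {(a, b) for a in roots for b in roots if a != b}

def bridge_edges(roots, bridge="BridgeCA"):
    """Bridge model: each root CA and the bridge certify each other, nothing else."""
    edges = set()
    for root in roots:
        edges.add((root, bridge))   # root CA issues a cross-certificate to the bridge
        edges.add((bridge, root))   # bridge issues a cross-certificate to the root CA
    return edges

def build_path(edges, trust_anchor, target_ca):
    """Breadth-first search over (issuer, subject) cross-certificates.

    Returns the shortest chain of CA names from the relying party's trust
    anchor to the CA that issued the certificate being checked, or None
    when no chain of cross-certificates connects the two domains.
    """
    queue = deque([[trust_anchor]])
    seen = {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ca:
            return path
        for issuer, subject in sorted(edges):
            if issuer == path[-1] and subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None

if __name__ == "__main__":
    print("mesh cross-certificates:  ", len(mesh_edges(ROOTS)))    # n * (n - 1)
    print("bridge cross-certificates:", len(bridge_edges(ROOTS)))  # 2 * n
    print("path A -> D via bridge:   ", build_path(bridge_edges(ROOTS), "RootA", "RootD"))
    # A domain that has not cross-certified with the bridge is unreachable.
    partial = bridge_edges([r for r in ROOTS if r != "RootD"])
    print("path A -> D, D not joined:", build_path(partial, "RootA", "RootD"))
```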