Description
This white paper describes a new way of conceptualising backend CAs, likening them to the security printers than routinely manufacture cheques, prescription pads, concert tickets etc. The physical security, operational security and accreditation requirements are all very similar. This type of CA would automatically generate certificates on request from authorised RAs.
The model may dramatically reduce CAs' legal liability, because they would be distanced from errors & omissions committed by RAs and by end users. Backend CAs would naturally remain responsible for the quality of their cryptographic processes, operations, personnel and so on.
Just as it is inconceivable that a well run cheque printer would be liable for the consequences of a bank customer writing a bad cheque, CAs in this model would be insulated from many types of potential misadventure in PKI implementations.
