9.11
Suppose someone impersonates a company and gets a certificate from a certificate-issuing authority. What is the effect on things (such as puchase orders or programs) certified by the impersonated company, and on things certified by other companies?
The key problem with digital certificates (when used offline, without contacting the certificate issuer) is that there is no way to withdraw them.
For instance (this actually happened, but names of the parties have been changed) person \(C\) claims to be an employee of company \(X\) and gets a new public key certified by the certifying authority \(A\). Suppose the authority \(A\) incorrectly believed that \(C\) was acting on behalf of company \(X\), and it gave \(C\) a certificate cert. Now \(C\) can communicate with person \(Y\), who checks the certificate cert presented by \(C\) and believes the public key contained in cert really belongs to \(X\). \(C\) can communicate with \(Y\) using the public key, and \(Y\) trusts the communication is from company \(X\).
Person \(Y\) may now reveal confidential information to \(C\) or accept a purchase order from \(C\) or execute programs certified by \(C\), based on the public key, thinking he is actually communicating with company \(X\). In each case there is potential for harm to \(Y\).
Even if \(A\) detects the impersonation, as long as \(Y\) does not check with \(A\) (the protocol does not require this check), there is no way for \(Y\) to find out that the certificate is forged.
If \(X\) was a certification authority itself, further levels of fake certificates could be created. But certificates that are not part of this chain would not be affected.