Infrastructures of European Bridge-CA
The practicability of a Bridge-CA solution, and the benefit it brings, depends very much on the services that are available to a broad audience. From the beginning, the European Bridge-CA has aimed at strengthening this practicability and the benefit connected with it. This is why the European Bridge-CA makes services available that considerably enhance the practicability and quality of working with certificates.
• Service for the solution to the distribution problem: It is difficult to get an overview of the huge number of trust centers and private Public Key Infrastructures. This leads to high complexity in accessing and distributing the available certificates and certificate data (e.g. user certificates, revocation lists). A user cannot be expected to configure numerous repository services in his applications in order to reach them. Ideally, a user wants to configure only one central node in his applications that offers the respective data, analogous to the Domain Name System (DNS). This is why the EB-CA makes available a centralized LDAP directory that, once integrated, enables users to look up the encryption certificates of the persons they are corresponding with and to encrypt the data to be sent to them. This service spares users from having to maintain a multitude of LDAP entries in their applications. Thus, not only can administration expenses be reduced considerably, but the attractiveness and acceptance of secure communication for the users is enhanced as well.
• Service for the solution to the validation problem: Similarly to the distribution problem, the processing of incoming signed data requires verifying the validity of an X.509 certificate at a certain point in time. This is very difficult for the user. At the moment, the following two alternatives are available:
  - Certificate revocation lists (CRLs)
  - Online validation with the help of the Online Certificate Status Protocol (OCSP)
The use of CRLs and OCSP enables the verification of the authenticity of transferred data. Thus, it can be reconstructed whether these data were valid at the point in time in question or not, which could possibly entail legal consequences. The advantage of certificate revocation lists is that they can be provided offline, whereas OCSP provides a real-time verification of a certificate's validity (valid, revoked, expired). When using OCSP, a brief status report about a certificate is requested and evaluated, which demands only a short processing time; no extensive downloading of certificate revocation lists is necessary. At present the EB-CA works with CRLs. An OCSP responder could be inserted as soon as the EB-CA members desire it.
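As an added illustration (not EB-CA code), the following Python models the point-in-time check a relying party performs with an archive of CRLs: the certificate's validity window, the CRL that was in force at the time in question, and whether a revocation entry predates that time. The issuer name, serial numbers and dates are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

def ts(year: int, month: int, day: int) -> datetime:
    """UTC timestamp helper for the constructed sample data."""
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Certificate:
    serial: int
    issuer: str
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: Dict[int, datetime]  # serial -> revocationDate

def crl_in_force(crls: List[CRL], issuer: str, at: datetime) -> Optional[CRL]:
    """Pick the archived CRL that was current at `at` (thisUpdate <= at <= nextUpdate);
    if several qualify, the most recently issued one wins."""
    usable = [c for c in crls if c.issuer == issuer and c.this_update <= at <= c.next_update]
    return max(usable, key=lambda c: c.this_update) if usable else None

def status_at(cert: Certificate, crls: List[CRL], at: datetime) -> str:
    """Certificate status at time `at`: 'valid', 'revoked', 'expired', 'not-yet-valid',
    or 'undetermined' when no archived CRL covers `at` (revocation cannot be judged)."""
    if at < cert.not_before:
        return "not-yet-valid"
    if at > cert.not_after:
        return "expired"
    crl = crl_in_force(crls, cert.issuer, at)
    if crl is None:
        return "undetermined"
    revoked_on = crl.revoked.get(cert.serial)
    # A revocation dated after `at` does not invalidate a signature made at `at`.
    if revoked_on is not None and revoked_on <= at:
        return "revoked"
    return "valid"

# Constructed sample data: hypothetical member CA, two certificates, two weekly CRLs; 1002 is revoked on 10 June 2024.
ISSUER = "CN=Example Member CA"
CERT_A = Certificate(1001, ISSUER, ts(2024, 1, 1), ts(2025, 1, 1))
CERT_B = Certificate(1002, ISSUER, ts(2024, 1, 1), ts(2025, 1, 1))
CRL_ARCHIVE = [CRL(ISSUER, ts(2024, 6, 1), ts(2024, 6, 8), {}),
               CRL(ISSUER, ts(2024, 6, 8), ts(2024, 6, 15), {1002: ts(2024, 6, 10)})]
```

The `undetermined` outcome is the gap of the offline CRL approach that the text contrasts with OCSP's real-time answer: a signature timestamped after the last archived CRL's nextUpdate cannot be judged from that archive alone.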
If further services contributing to the acceptance and wider use of Public Key Infrastructures are demanded, the European Bridge-CA will provide them in agreement with its members.