Welcome to the third segment in the series "Growing A Tree Of Trust" on public key infrastructures (PKI). So far we''ve looked at some of the complexities in defining a PKI and some of the stumbling blocks from a lack of technical and resource readiness. In the last installment we looked at the steps in managing digital certificates from a user perspective and identified a number of new concepts, including:

• Registration authority
• Certificate stores within the browser
• Certificate revocation processing

With this week''s column, we drill a little deeper by looking into expectations for a Certificate Authority (CA) and what a CA will expect of you. In the final segment, we''ll use these as a template to look at some commercial CA outsourcing solutions to help you focus your search for a custom PKI. Let''s begin with what you should expect from a CA.