Quiz Entry - updated: 2026.05.31
Who signs certificates, and what does it mean that Alice and Bob need a common "trust anchor"?
A Certificate Authority (CA) issues and signs certificates; to verify each other's certs, both parties must already trust the same CA — that shared trusted root is the trust anchor.
A CA (Certificate Authority) issues certificates and signs them. But a signature only helps you if you already trust the signer. So:
- Alice and Bob can only validate each other's certificates if they share a common trust anchor — a CA both of them trust.
- Put plainly: they must trust the same CA(s) that issued the certificates.
This is why your browser/OS ships with a pre-installed list of trusted root CAs — they're your built-in trust anchors.
Tip: A signature you can't trace to a trusted root is worthless. "Trust anchor" = the root of trust you've decided to accept a priori.