Public key management
- Must make sure that a malicious user cannot substitute his key for a legitimate user's key
- Certificates are used to thwart this attack
- The CA signs a user's key and identity information
- The user can then verify the CA's signature to determine whether the public key does in fact belong to the intended target
- Manage length of certification chain