In the world of Certificate Authorities and digital signatures there still exist questions about who gave the authority to the CAâ€™s to authorize the certificates? And although a certificate has been granted, how should we treat a private key that is suspected as having not come from the authorized owner?
In order for the digital signature trust relationships to work you have to be able to protect your private key. You could keep your private key in a digital safe or build a digital fortress around it. But how do you protect those passwords which allow entry past your digital sentries into your digital safe or digital fortress?