You download the browser.
The browser has all the public keys through prearrangement between the CAs and
the browser companies to put them in there.
And to the degree that you trust the download from Netscape or
from Microsoft or from Google or wherever,
if you trust the download, embedded in that will be a frequently updated
list of valid certification authorities that they've gone off and checked.
It's a closed loop.
Your mom, your friend, you, whatever,
you want to go buy something on the Internet, you download a browser.
You're using the browser.
It's got public keys in there for CAs.
I go to wesellawesomesneakersontheinternet.com.
I say, I want to buy this, and he goes, great.
Sends me a certificate, it's got their public key.
The certificate is signed by a CA.
My browser does a lookup, finds it.
Wow, that's a valid CA.
I have the public key.
I decrypt the certificate.
I get the public key.
I send the credit card information.
And we have the world we live in today.
That's it, that's how it works.
That's why you don't have to do anything to buy something securely on the Internet.
It's like magic.
Now, for some of you with a little bit more experience, and
you're thinking about this, you're going, wait a minute, Ed.
There's a lot of problems here.
How do I know the CA is valid?
And how do I know they did a good deal with the browser?
You're right, there's no question that that's an issue.
There's a lot of little seams in the way these things work.
But for the most part, you've gone from no assurance to pretty solid assurance here.
I think you gotta admit that this is a closed loop in
the sense that it provides a means for
me to get my credit card to you without having to go off and look around for
keys, and search a directory or ask somebody for a public key.
I don't have to do any of that.
As long as I download the browser, I have pretty much everything I need.
And I don't need to be a technical person.
I don't need to go to a key exchange party.
I don't need, sort of,
a gear head to accomplish the kinds of things that you see on the Internet.
Now, contrast this with email.