Discussion 1

Public key infrastructure (PKI) depends heavily on certificate authorities (CA) to instill trust in transactions taking place across the public Internet. CAs are often referred to as “trusted” authorities, but how can a user genuinely confirm whether an authority should be trusted? What does “trust” mean when referring to a certificate authority? How would you go about determining whether a CA can or should be trusted?