I don’t mean to be rude but it sounds like you aren’t very familiar with digital identity management paradigms in the first place?
Proving who you are is always a relative operation. It’s always about the relationship between two things. “I am the person who generated this other message” or “I am the person whose face looks like this”.
Key/certificate issuance follows a variety of different models depending on the use case. Sometimes “this object was generated/signed by the person who controls this key” is enough, as is the case with things like secure emails (think gpg/pgp). Other times you need an authority to give relative meaning to a key/certificate (think SSL).