Question 122. How Do I Find Someone Else's Public Key?

Suppose Alice wants to find Bob's public key. There are several possible ways. She could call him up and ask him to send her his public key via e-mail; she could request it via e-mail as well. Certifying authorities may provide directory services; if Bob works for company Z, she could look in the directory kept by Z's certifying authority. Directories must be secure against tampering, so that users can be confident that a public key listed in the directory actually belongs to the person listed. Otherwise, they might send private encrypted information to the wrong person.

Eventually, full-fledged directories will arise, serving as on-line white or yellow pages. If they are compliant with ITU-T X.509 standards (see Question 165), the directories will contain certificates as well as public keys; the presence of certificates will lower the directories' security needs.