1

I am a bit confused about the consensus-based network administration.

In my understanding of Hyperledger Fabric, the CA server is a single point of administration. Even though it is possible to create organization-specific CA servers, there should be one main CA to verify the chain of trust.

For example, the one who administers the CA server can create the required number of identities to break the consensus.

Please clarify if I am wrong.

Thanks & Regards, Akhil KM

Akhil KM

1 Answer

1

@Akhil KM

The CA server is not the complete administration of the Fabric network.

It just issues certificates; the MSP is the complete administration, and that too not for the whole consortium. Each entity can have a different MSP, which means different CAs can issue certificates. One org can have more than one CA.

A CA in Fabric is exactly equivalent to a normal CA in all current public-key cryptography, like how browsers show us secure HTTPS by trusting the certificate.

In Fabric or in the website world, a CA will never become an administrator. A CA will have an administrator (to operate the CA :) ).

Narendranath Reddy
  • Here is my question: the one who administers the CA server can create the required number of identities to break the consensus. I agree that multiple CAs are possible in a network, but there should be a chain of trust to verify identity between CAs (correct me if I am wrong). In that case, the main CA administrator can create an admin identity of a different organization to sign the transaction and break the consensus. – Akhil KM Mar 02 '20 at 17:12
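
The per-organization trust model discussed in this thread, as an added Go example that is not part of the answer and is not Hyperledger Fabric code: each MSP accepts only certificates signed by its own root CA, so a certificate that names another organization but was issued by the wrong CA does not count as that organization's endorsement. The MSP names, the `identity` type and all helper functions are constructed for illustration, and validation is reduced to a direct issuer-signature check (no intermediate CAs, expiry or revocation).

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type identity struct{ mspID string; cert *x509.Certificate } // claimed MSP ID plus certificate

// issue signs a certificate for org/cn; a nil parent yields a self-signed root CA.
func issue(org, cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), BasicConstraintsValid: true,
		Subject: pkix.Name{Organization: []string{org}, CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { t.IsCA, t.KeyUsage, parent, pk = true, t.KeyUsage|x509.KeyUsageCertSign, t, key }
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, err := x509.ParseCertificate(der) // a failed create leaves der nil, so this reports it too
	if err != nil { panic(err) }
	return cert, key
}

// endorsingOrgs counts distinct MSPs having an endorser signed by that MSP's own root CA.
func endorsingOrgs(ids []identity, roots map[string]*x509.Certificate) int {
	seen := map[string]bool{}
	for _, id := range ids {
		if root := roots[id.mspID]; root != nil && id.cert.CheckSignatureFrom(root) == nil {
			seen[id.mspID] = true
		}
	}
	return len(seen)
}

// demo returns the org count when Org1's CA operator mints an "Org2 admin", then the honest count.
func demo() (forged, honest int) {
	ca1, k1 := issue("Org1", "ca.org1", nil, nil)
	ca2, k2 := issue("Org2", "ca.org2", nil, nil)
	roots := map[string]*x509.Certificate{"Org1MSP": ca1, "Org2MSP": ca2} // one trust root per MSP
	p1, _ := issue("Org1", "peer0", ca1, k1)
	fake, _ := issue("Org2", "admin", ca1, k1) // names Org2 but is signed by Org1's CA
	p2, _ := issue("Org2", "peer0", ca2, k2)
	return endorsingOrgs([]identity{{"Org1MSP", p1}, {"Org2MSP", fake}}, roots),
		endorsingOrgs([]identity{{"Org1MSP", p1}, {"Org2MSP", p2}}, roots)
}
func main() { fmt.Println(demo()) }
```

In this model an endorsement policy that requires both organizations sees one valid organization for the forged set and two for the honest set.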