Patent attributes
A digital certificate for an entity is issued and signed by a certificate authority. One or more counter signing entities are identified in an extension to the digital certificate. Each countersigning entity adds a countersignature to the digital certificate using a private cryptographic key maintained by each countersigning entity. A client that receives the digital certificate validates the digital certificate by in part validating the digital signature of the issuing certificate authority and validating the digital signatures of the countersigning entities. In determining whether the digital certificate is valid, the client may consider the geographic regions, legal jurisdictions, and identity verification processes of the certificate authority and of the countersigning entities. In some examples, the client requires that the issuing certificate authority and the countersigning entities represent a minimum amount of geographic and jurisdictional diversity. In other examples, the client requires a minimum threshold number of countersigning entities.