In reality, there is no person (or computer) on the internet whose job it is to monitor each client/server transaction. So, who or what is Cathy and how did Cathy know to warn Alice?
Cathy is a file known as a certificate of authentication, owned and distributed by a Certificate Authority (CA). Bob is also a certificate of authentication. Ahead of time, Bob’s company sent its certificate to Cathy’s company, which verified the identity of Bob’s company and signed his certificate.
When Alice installed her browser, Cathy’s certificate was installed in Alice’s browser’s Trust Store. As the name implies, a Trust Store contains certificates from trusted entities.
As soon as Alice contacts Bob, he sends her his certificate. Alice’s browser checks the signature on Bob’s certificate against the signature on Cathy’s certificate in its Trust Store. The signatures match and Alice’s browser authorizes the beginning of a trusted connection between Alice and Bob.
Alice’s browser immediately rejects Bart’s certificate because it was not signed by Cathy. Its signature does not match the signature on Cathy’s certificate in Alice’s browser’s Trust Store.
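The accept/reject decision described above can be reproduced with the `openssl` command-line tool; this is an added example, not part of the original documentation. In practice the check is a verification of the CA's signature on the presented certificate, using the public key in the CA certificate held in the Trust Store. The names `Cathy Demo CA` and `bob.example`, and the helper functions `make_demo_pki` and `is_trusted`, are made up for the demo.

```shell
#!/bin/sh
# Added example: throwaway certificates built only for this demo.
set -eu

# Create a CA ("Cathy"), a CA-signed certificate ("Bob") and a
# self-signed impostor certificate ("Bart") in directory $1.
make_demo_pki() {
    d=$1
    # Cathy: self-signed CA certificate, the one that sits in the Trust Store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Cathy Demo CA" \
        -keyout "$d/cathy.key" -out "$d/cathy.pem" 2>/dev/null
    # Bob: key and signing request, sent to Cathy ahead of time...
    openssl req -newkey rsa:2048 -nodes -subj "/CN=bob.example" \
        -keyout "$d/bob.key" -out "$d/bob.csr" 2>/dev/null
    # ...who signs the certificate with her private key.
    openssl x509 -req -in "$d/bob.csr" -CA "$d/cathy.pem" \
        -CAkey "$d/cathy.key" -CAcreateserial -days 1 \
        -out "$d/bob.pem" 2>/dev/null
    # Bart: claims Bob's name but signs his own certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=bob.example" \
        -keyout "$d/bart.key" -out "$d/bart.pem" 2>/dev/null
}

# Succeed only if certificate $2 was signed by a CA in trust store file $1.
is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_pki "$demo"

# Alice's side: the trust store holds only Cathy's certificate.
for cert in bob bart; do
    if is_trusted "$demo/cathy.pem" "$demo/$cert.pem"; then
        echo "$cert: accepted"
    else
        echo "$cert: rejected"
    fi
done
```

Both Bob and Bart present the same subject name; only the CA signature distinguishes them, which is why the Trust Store contents decide the outcome.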
Copyright © 2000-2014 Tridium Inc. All rights reserved.