Certificates carry a form of trust that lets a relying party check whether or not a certificate is valid. We are going to look at the different trust models; you need to ensure that you know when each is used:
- Trust anchor: A trust anchor in a PKI environment is the root certificate from which the whole chain of trust is derived; this is the root CA.
- Trust model: A trust model defines how the authenticity of a certificate is established; there are two trust models:
- Hierarchical trust model: This uses a hierarchy from the root CA down to the intermediate CA (also known as a subordinate CA); this is the normal PKI model. An example can be seen in the certificate hierarchy diagram.
- Bridge trust model: The bridge trust model is peer to peer, where two separate PKI environments trust each other. The certificate authorities communicate with each other, allowing for cross-certification; sometimes it is referred to as the trust model.
- Certificate chaining: A digital certificate is verified using a chain of trust in which the trust anchor is the root CA. This chain of trust is used to verify the validity of a certificate, and the check includes the details of the CRL.
Exam tip:
When two separate CAs trust each other, they will use a trust model called the bridge of trust.
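The hierarchical and bridge models described above, shown as an added Go example that is not part of the original text and not the tooling of any real CA: it builds two throwaway PKIs in memory with the standard crypto/x509 package (the CA names, hostnames and keys are all constructed for the example), chains a leaf through a subordinate CA up to its root, then has Root CA A issue a cross-certificate for Root CA B's key and checks what a relying party that trusts only Root CA A can validate with and without that bridge.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panics on error so the example reads without error plumbing
	if err != nil {
		panic(err)
	}
	return v
}

// caNode is an in-memory certificate plus the private key that signs with it.
type caNode struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue returns a certificate for name signed by parent; a nil parent means
// self-signed, i.e. a root CA (trust anchor). A non-nil pub certifies that
// existing key instead of a fresh one, which is how a cross-certificate is built.
func issue(name string, isCA bool, parent *caNode, pub *ecdsa.PublicKey) *caNode {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // constructed, throwaway key
	if pub == nil {
		pub = &key.PublicKey
	}
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else { // end entity: bind a hostname and restrict the purpose
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parentCert, pub, signer))
	return &caNode{cert: must(x509.ParseCertificate(der)), key: key}
}

// pool packs certificates as a trust store (roots) or a bag of intermediates.
func pool(certs ...*x509.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	for _, c := range certs {
		p.AddCert(c)
	}
	return p
}

// chainSubjects verifies leaf against the trust anchors in roots via intermediates
// and returns the subject names along the first chain found (leaf first).
func chainSubjects(leaf *x509.Certificate, roots, intermediates *x509.CertPool) ([]string, error) {
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: intermediates, DNSName: leaf.DNSNames[0],
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return nil, err // e.g. unknown authority, expired, hostname mismatch
	}
	var names []string
	for _, c := range chains[0] {
		names = append(names, c.Subject.CommonName)
	}
	return names, nil
}

// runDemo builds two independent PKIs, bridges them with a cross-certificate that
// Root CA A issues for Root CA B's key, and reports what a relying party trusting
// only Root CA A sees for a leaf under each PKI, with and without the bridge.
func runDemo() (hierarchical, bridged []string, noBridge error) {
	rootA := issue("Root CA A", true, nil, nil)
	interA := issue("Intermediate CA A", true, rootA, nil)
	leafA := issue("app.example-a.test", false, interA, nil)
	rootB := issue("Root CA B", true, nil, nil)
	leafB := issue("app.example-b.test", false, rootB, nil)
	cross := issue("Root CA B", true, rootA, &rootB.key.PublicKey) // the bridge
	hierarchical = must(chainSubjects(leafA.cert, pool(rootA.cert), pool(interA.cert)))
	bridged = must(chainSubjects(leafB.cert, pool(rootA.cert), pool(cross.cert)))
	_, noBridge = chainSubjects(leafB.cert, pool(rootA.cert), pool())
	return hierarchical, bridged, noBridge
}

func main() {
	fmt.Println(runDemo())
}
```

The cross-certificate carries Root CA B's subject name and public key but is signed by Root CA A, so the chain builder finds it exactly where it would look for Root CA B's own certificate and can continue up to the trust anchor it already holds; take it away and the same leaf fails with an unknown-authority error, which is the failure a relying party sees whenever a chain cannot reach one of its configured trust anchors.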
- Web of trust: A web of trust is a concept used in PGP and its various versions to establish the authenticity of the certificate (public key) being used. In PGP, when two people want to encrypt data between themselves, the first stage is to give each other their public key so that each can encrypt the data being sent to the other party. It works on the same principles as asymmetric encryption, although on a smaller scale.
Exam tip:
A bridge trust model is used so that two separate CAs can work with each other.
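The web of trust from the bullet above, as an added Go example that is not part of the original text and not taken from any PGP implementation: a constructed keyring seen from Alice's point of view, where keys become authentic through signatures made by other keys rather than through a root CA. The validity rule is modelled on GnuPG's default thresholds (one fully trusted signature or three marginally trusted ones, within five hops); the key names and trust assignments are assumptions made up for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// ownerTrust is how far the keyring owner believes a key's holder checks
// identities before signing other keys. It is separate from validity: a key
// can be valid (authentic) while its holder is not trusted to vouch for others.
type ownerTrust int

const (
	trustNone ownerTrust = iota
	trustMarginal
	trustFull
)

type webOfTrust struct {
	owner      string                // the keyring owner's own key
	signatures map[string][]string   // key -> keys whose holders signed (certified) it
	trust      map[string]ownerTrust // key -> owner trust assigned by the keyring owner
}

// validKeys returns, sorted, the keys the owner may treat as authentic. Only
// signatures made by keys that are already valid count, and each pass adds one
// hop, so no key is validated through a chain longer than maxDepth.
func (w *webOfTrust) validKeys(maxDepth int) []string {
	valid := map[string]bool{w.owner: true} // one's own key is valid by definition
	for hop := 0; hop < maxDepth; hop++ {
		newly := []string{}
		for key, signers := range w.signatures {
			if valid[key] {
				continue
			}
			full, marginal := 0, 0
			for _, s := range signers {
				if !valid[s] {
					continue // a signature from an unverified key proves nothing
				}
				switch w.trust[s] {
				case trustFull:
					full++
				case trustMarginal:
					marginal++
				}
			}
			if full >= 1 || marginal >= 3 { // GnuPG-style default thresholds (assumption)
				newly = append(newly, key)
			}
		}
		if len(newly) == 0 {
			break
		}
		for _, k := range newly {
			valid[k] = true
		}
	}
	keys := make([]string, 0, len(valid))
	for k := range valid {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// sampleKeyring is a constructed keyring from Alice's point of view.
func sampleKeyring() *webOfTrust {
	return &webOfTrust{
		owner: "alice",
		signatures: map[string][]string{
			"bob":   {"alice"},                // Alice verified Bob's key herself
			"carol": {"alice"},                // and Carol's
			"erin":  {"alice"},                // and Erin's
			"dave":  {"bob", "carol", "erin"}, // three marginally trusted signers
			"frank": {"bob", "carol"},         // only two: not enough
			"grace": {"mallory"},              // signed only by a key Alice never validated
			"heidi": {"dave"},                 // Dave's key is valid, but Alice assigned him no trust
		},
		trust: map[string]ownerTrust{
			"alice": trustFull, "bob": trustMarginal, "carol": trustMarginal, "erin": trustMarginal,
		},
	}
}

func main() {
	fmt.Println(sampleKeyring().validKeys(5))
}
```

Alice's own signatures make Bob, Carol and Erin valid on the first hop; Dave becomes valid on the second hop only because three marginally trusted signers agree, while Frank (two signers), Grace (an unknown signer) and Heidi (a valid but untrusted signer) stay unverified. This is the point the bullet makes about scale: every participant is their own trust anchor, so the web only reaches as far as the signatures the owner has chosen to trust.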