Trust Models

PKI works only if organizations are willing to trust the CA issuing certificates. Within a PKI, multiple certificate authorities can be used for a particular solution. For example, a large corporation might have a corporate CA and CAs for each division within the company. Each of these divisional CAs establishes policies for its own portion of the organization, but that CA still needs to have a trust association with the corporate CA, usually known as the root CA. The arrangement of these trust relationships between CAs is known as a trust model.

Trust models for PKI solutions involve two major concepts—cross certification and hierarchies. Cross certification is a process that enables distinct CAs from different organizations to act on each other's behalf in a functional solution. ...
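The hierarchy and cross certification described above can be modeled as certificate path building. The following Python sketch is an added example, not taken from the book. All CA and host names are constructed, and the check is structural only (issuer links and the CA flag); signature, expiry and revocation checks are assumed to happen elsewhere.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False

def build_path(leaf, pool, anchors):
    """Return the subject chain from leaf up to a trusted root, or None.

    Structural check only: a real validator also verifies each signature,
    validity period, revocation status and name/policy constraints.
    """
    def walk(cert, seen):
        if cert.issuer in anchors:          # reached a root the relying party trusts
            return [cert.subject, cert.issuer]
        for parent in pool:
            # Only CA certificates may issue; skip ones already visited (loop guard).
            if parent.subject == cert.issuer and parent.is_ca and parent not in seen:
                rest = walk(parent, seen | {parent})
                if rest:
                    return [cert.subject] + rest
        return None
    return walk(leaf, frozenset({leaf}))

# Constructed sample data: one corporate hierarchy plus a partner organization.
ANCHORS = {"Corporate Root CA"}             # the only root this relying party trusts
DIV_CA = Cert("Engineering Division CA", "Corporate Root CA", is_ca=True)
LEAF = Cert("build01.eng.example", "Engineering Division CA")
PARTNER_LEAF = Cert("portal.partner.example", "Partner Root CA")
# Cross certificate: the corporate root vouches for the partner's root CA.
CROSS = Cert("Partner Root CA", "Corporate Root CA", is_ca=True)
# A certificate "issued" by an end-entity certificate must never validate.
ROGUE = Cert("evil.eng.example", "build01.eng.example")

POOL = [DIV_CA, LEAF]

if __name__ == "__main__":
    print("hierarchy:     ", build_path(LEAF, POOL, ANCHORS))
    print("no cross cert: ", build_path(PARTNER_LEAF, POOL, ANCHORS))
    print("with cross:    ", build_path(PARTNER_LEAF, POOL + [CROSS], ANCHORS))
    print("non-CA issuer: ", build_path(ROGUE, POOL, ANCHORS))
```

Without the cross certificate the partner's server has no path to the trusted root; adding it extends trust to the partner's whole CA, which is why cross certificates are usually issued with tight constraints.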
