Distributed Trust Architecture

In contrast to strict hierarchy, in which all entities in the PKI community trust a single root CA, the distributed trust architecture distributes trust among two or more (perhaps many) CAs. That is, Alice may hold a copy of the public key of CA1 as her trust anchor, and Bob may hold a copy of the public key of CA2 as his trust anchor. Because these CA keys serve as trust anchors, it follows that each corresponding CA is the root CA for a strict hierarchy involving some subset of the total PKI community (CA1 is the root for a hierarchy that includes Alice, and CA2 is the root for a hierarchy that includes Bob).

If each of these hierarchies is a shallow, trusted-issuer hierarchy, then the resulting configuration ...

Get Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations now with the O’Reilly learning platform.
