Chapter 9. Trust Models
In this chapter, we discuss the concept of trust models in a PKI. The chapter addresses questions such as the following:
How is it determined which certificates an entity can trust?
How can such trust be established?
Under what circumstances can this trust be limited or controlled in a given environment?
An understanding of the prevalent PKI trust models is important because the models that someone new to this topic might implicitly assume (that is, a PKI that parallels an organizational chart or an existing authorization schema in a company) are rarely used in practice.
We will consider several trust models (strict hierarchy of CAs, loose hierarchy of CAs, policy-based hierarchies, distributed trust architecture, four-corner ...