What is the trust model in the public key infrastructure?

A trust model is a collection of rules that tells an application how to decide whether a digital certificate is legitimate. There are two widely used types of trust models.

– 1. HIERARCHICAL

– 2. WEB OF TRUST

1. HIERARCHICAL

The hierarchical model, also called the CA model, is the basis of most certification systems. It is also considered the traditional model and is the one used by the large certification authorities. In this model, certificate users delegate their trust to the CA instead of proving the authenticity of each digital certificate themselves. Once you are satisfied that the CA you are dealing with is trustworthy, you agree to trust, indirectly, any other certificate the CA vouches for.

In the hierarchical trust model, the CA is at the top level and trust flows from the top down to the end user. As a result, the end user does not carry the burden of proving a certificate's authenticity. One important thing to note: if the CA you trust cross-certifies the PKI of another CA, your system will also automatically accept certificates from that CA. In practice, it is advisable to know your CA's practices, as this will prevent you from accepting certificates from outsiders.

2. WEB OF TRUST

In web-of-trust there is no centralized organization that makes decisions. Users themselves decide who to trust based on their personal experiences and knowledge or on the suggestions and opinions of other people they trust. Web-of-trust is well known for its implementation in PGP.

If someone you already know gives you their public key, it is safe to tell your application that the key is trusted. This is accomplished by signing the key. When another user receives your public key, they can see which keys you have signed. If they decide to trust you and sign your key, they in turn vouch for you and for the other entities you trust. This is how the web of trust expands.

The process is supported by PGP key servers, which hold a database of keys and signatures that is updated regularly. Web-of-trust works very well for small organizations. The only downside to the web-of-trust model is that when one user signs incorrect keys, the entire group is affected.
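
Both the cross-certification caveat in the hierarchical model and the "one incorrect signature affects the group" downside of web-of-trust come from trust being transitive. The following is an added example, not part of the original article: it models signatures as a graph and shows which keys are accepted only because of a single signature. All names and data are constructed, and it assumes the simplest possible model in which every signature is trusted fully.

```python
from collections import deque

def trust_paths(signatures, anchors):
    """Map every accepted key to the signature chain that leads to it.

    signatures: dict of signer -> set of keys that signer has signed.
    anchors: keys trusted directly (a root CA, or keys you verified yourself).
    """
    paths = {a: [a] for a in anchors}
    queue = deque(anchors)
    while queue:
        signer = queue.popleft()
        for signed in sorted(signatures.get(signer, ())):
            if signed not in paths:  # keep the first (shortest) chain found
                paths[signed] = paths[signer] + [signed]
                queue.append(signed)
    return paths

def accepted_because_of(signatures, anchors, signer, signed):
    """Keys that stop being accepted if the signature signer -> signed is removed."""
    pruned = {s: set(k) - ({signed} if s == signer else set())
              for s, k in signatures.items()}
    return set(trust_paths(signatures, anchors)) - set(trust_paths(pruned, anchors))

# Constructed sample data (hypothetical names).
HIERARCHY = {
    "RootCA-A": {"www.example.test", "RootCA-B"},  # A cross-certifies B
    "RootCA-B": {"partner.example.test", "unknown.example.test"},
}
WEB = {
    "alice": {"bob"},
    "bob": {"carol", "mallory-as-dave"},  # bob signed an incorrect key
    "mallory-as-dave": {"fake-erin"},
}

if __name__ == "__main__":
    # Why does a system that only trusts RootCA-A accept this certificate?
    print(trust_paths(HIERARCHY, ["RootCA-A"])["unknown.example.test"])
    # Everything inherited through the cross-certificate:
    print(accepted_because_of(HIERARCHY, ["RootCA-A"], "RootCA-A", "RootCA-B"))
    # Everything alice accepts only because of bob's one incorrect signature:
    print(accepted_because_of(WEB, ["alice"], "bob", "mallory-as-dave"))
```

Running it against an export of your own trust store or keyring turns "know your CA's practices" into a concrete list of what each cross-certificate or signature actually lets in.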
