| |
PKI Trust Models
Suppose Alice wants to send an encrypted message to Bob. She needs to securely find out Bob’s public key. PKI trust models define where Alice gets her trust anchors and what paths would produce a legal chain from a trust anchor to the target name. The following list shows different trust models possible:
- Monopoly Model: In this simple model, everybody chooses only one organization as the CA (certificate authority). This CA is trusted and everybody get certificates from there. The public key of this single CA is embedded in all software and hardware as the trust anchor. This model is difficult to realize in practice due to obvious problems associated with monopolies.
- Monopoly plus Registration Authorities (RAs): One problem in the monopoly model is that it would be expensive and insecure to have only a single organization to certify all keys in the world. One alternative as a solution to this problem is to employ other organizations as registration authorities (RA) to securely check identities and obtain and vouch public keys. The RA communicates with the CA which trusts RA and rubber-stamps whatever information is verified by the RA.
- Delegated Certificate Authorities (CAs): The trust anchor CA issues certificates to other CAs. Users can then obtain certificates from one of the delegated CAs. The certificate verification is performed by verifying the chain of certificates starting from the trust anchor and ending in the CA who issues the certificate in question.
- Oligarchy (implemented in web browsers): There are more than one trust anchor and certificate issued by any one of them is accepted.
- Anarchy (implemented in PGP): PGP (Pretty Good Privacy) is a secure mail protocol developed initially by Phil Zimmermann. In PGP, there is no rigid hierarchy of CAs and each user decides his trust anchors by himself. To get the key of someone whose key is not in your set of trust anchors, you can search through a public database to see if you can find a path from one of your trust anchors to the person you want. This model is appropriate within a small group where all users are trustworthy but on the Internet scale when there are individuals who might purposely add bogus certificates, it would be not secure to trust a path that involves unknown individuals.
|
|
Animation VIII.II-I: PGP Download [ click to enlarge ]
Animation VIII.II-II: PGP key generation and signing mail with PGP [ click to enlarge ]
Animation VIII.II-III: PGP signature verification [ click to enlarge ]
|
