Information Technology Reference
In-Depth Information
Figure 9.6
pKi oeriew with respect to the iA
2
iews.
n
−
Self-managed web of trust
Each user generates and manages his own keys; no central authority;
AKA anarchy model, e.g., PGP
Single certificate authority (CA)
Hierarchical CA
CA root with distributed CAs
Browser trust list
Policy trust list
Qualified policy trust list
Cross-certificate
Bridge CA
n
n
−
n
n
n
n
n
Figure 9.7 illustrates a PKI hierarchical model with a single CA root and regionally
distributed CAs and revocation authorities (RAs). A distributed certificate revocation
list (CRL) model provides faster certificate revocation checks as well as CRL service
redundancy. Such a model supports a geographically dispersed workforce as well as
offers time-critical performance for PKI validation or verification of revocation.
Pretty good privacy.
