Certification Hierarchies

PEM (Privacy Enhanced Mail) model

Distribution of certificates for PEM (secure e-mail).

• Worldwide hierarchy (monopoly).

• Single root (IPRA).

• Several PCAs (Policy Creation Authorities) are below the root.

• Several CAs are below each PCA.

  • Possibly belonging to organizations or companies.

Never implemented.

• Forest of hierarchies.

  • Each with its independent root CA.

  • Oligarchy.

• Each root CA negotiates the distribution of its public key along with some applications or operating systems.

  • ex. Browsers, Windows.

PGP (Pretty Good Privacy) model

Web of trust.

• No central trustworthy authorities.

  • Each person is a potential certifier.

  • Can certify a public key (issue a certificate) and publish it.

• People use 2 kinds of trust.

  • Trust in the keys they know.

    • Validated using any means (FAX, telephone, etc.).

  • Trust in the behavior of certifiers.

    • The assumption is that they know what they are doing when issuing a certificate.

Transitive trust.

• If Alice trusts Bob is a correct certifier; and Bob certified the public key of Carl then Alice trusts the public key belongs to Carl.