14.2 A trust taxonomy


Trust relationships in the PKI world are very similar to trust relationships in the real world. Trust is a very complex notion that cannot be easily defined or classified. If we simplify things a bit, we can distinguish three basic types of trust relationships (they are illustrated in Figures 14.1 and 14.2): direct, third-party, and extended third-party trust relationships. Both third-party and extended third-party trust relationships are also referred to as indirect trust relationships.

click to expand
Figure 14.1: A trust taxonomy: direct trust relationships.

In a direct or peer-to-peer trust relationship, Alice trusts user Bob’s certificate, because user Alice knows Bob in person. Alice considers anything (including Bob’s certificate) that she gets from Bob to be trustworthy. If the same is true the other way around, there is a mutual or bidirectional direct trust relationship between Alice and Bob. If many users had a direct trust relationship with Alice, Alice would become a trusted third party. This is what happens with Charlie in Figure 14.2.

click to expand
Figure 14.2: A trust taxonomy: indirect trust relationships.

In the context of a third-party trust relationship, there is a direct trust relationship between Alice and a third-party Charlie and also between the same third-party Charlie and Bob. If the previous two trust relationships are transitive, there will be an implicit trust relationship between Alice and Bob. This is very important: A third-party trust relationship—which is an indirect trust relationship—only exists if two other direct trust relationships are transitive. Transitivity of trust relationships greatly simplifies trust management. It also reduces the number of trusts needed between entities that want to interoperate. If transitive trusts are available, the use of third-party trusts is a scalable solution for large organizations. Unfortunately, transitivity is not always available—it may also be available in a limited scope or degree, applying to only certain actions or a certain period in time.

An extended third-party trust relationship occurs when both Alice and Bob have a trust relationship with Charlie, both Donald and Eve trust Frank, and there is also a trust relationship set up between Charlie and Frank. The extended third-party trust relationship between Bob and Donald is an indirect trust that will only exist if two other third-party trust relationships are considered transitive.




Windows Server 2003 Security Infrastructures
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net