14.3 PKI trust terminology


PKI trust models provide a technological framework for the management of PKI trust relationships between CAs and between CAs and PKI users. They also define the rules that are needed to discover and traverse a PKI trust path. PKI trust path traversal is a critical part of certificate validation.

A CA’s trust domain defines the community or boundaries within which the CA is considered trusted. Trust domain boundaries are typically based on organizational or geographical boundaries; however, a single organization may also be split into different trust domains, following, for example, the organization’s divisions or departments.

All PKI users in the CA’s trust domain consider the CA a trust anchor. A trust anchor is a CA in which the PKI user has a very high level of confidence. During certificate validation, the PKI software will try to discover a trust path up to the level of a trust anchor. Exactly how PKI trust path discovery and traversal work in the different trust models is not covered in this chapter.
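The following added example (not code from the book) shows why the set of trust anchors decides whether a trust path exists: the same certificate resolves for a user in one trust domain and fails for a user in another. It is a simplified model that chains only on subject and issuer names and checks no signatures, validity dates or revocation; the CA names, the cross-certificate and the function `find_trust_path` are constructed for illustration.

```python
from collections import namedtuple

# Simplified certificate: only the two names that link a trust path.
Cert = namedtuple("Cert", "subject issuer")

# Constructed sample PKI: two trust domains (A and B), each with its own root CA.
CERTS = [
    Cert("Root-A", "Root-A"),          # self-signed root of domain A
    Cert("Root-B", "Root-B"),          # self-signed root of domain B
    Cert("Issuing-A1", "Root-A"),
    Cert("Issuing-B1", "Root-B"),
    Cert("Root-B", "Root-A"),          # assumed CA-to-CA trust: Root-A certifies Root-B
    Cert("alice", "Issuing-A1"),
    Cert("bob", "Issuing-B1"),
]

def find_trust_path(subject, trust_anchors, certs=CERTS, max_len=8):
    """Return the names from `subject` up to a trust anchor, or None.

    trust_anchors is the set of CA names the validating user trusts,
    which is determined by the trust domain the user belongs to.
    """
    def walk(name, path):
        if name in trust_anchors:
            return path                      # reached a CA the user trusts
        if len(path) >= max_len:
            return None                      # refuse unreasonably long paths
        for cert in certs:
            if cert.subject != name:
                continue
            if cert.issuer == name:
                continue                     # self-signed but not an anchor: dead end
            if cert.issuer in path:
                continue                     # loop guard for mutual certification
            found = walk(cert.issuer, path + [cert.issuer])
            if found:
                return found
        return None

    return walk(subject, [subject])

if __name__ == "__main__":
    for user_anchors in ({"Root-A"}, {"Root-B"}):
        for subject in ("alice", "bob"):
            print(sorted(user_anchors), subject,
                  find_trust_path(subject, user_anchors))
```

A user anchored at Root-A can validate bob only because of the CA-to-CA certificate; a user anchored at Root-B finds no path for alice, since nothing links Root-A up to Root-B.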




Windows Server 2003 Security Infrastructures
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq
