PKI: trust & chain of trust - why, who, and how?
PKI, or Public Key Infrastructure, is a framework for managing digital certificates and public-key encryption.
PKI’s purpose is to ensure secure electronic transfer of data over the internet.
CAs, or Certificate Authorities, are supposed to have a trust relationship with users.
Hierarchical Trust Model
The root CA signs all digital certificates with a single private key. What is the limitation of this model? If the root CA’s private key gets compromised, then all the certificates become untrustworthy.
Distributed Trust Model
The distributed hierarchical model has multiple CAs that sign digital certificates. Only the certificates whose CA had its private key compromised become worthless, so the process of verification gets distributed. This model establishes a chain of trust.
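The difference in blast radius between the two models, as an added example that is not part of the original article. It is a simplified model: an issuer link stands in for a verified signature, the layout of the distributed model (one root signing two intermediate CAs) is an assumption, and all CA and host names are constructed.

```python
# Simplified model: an "issuer" link stands in for a cryptographically verified signature.
# All CA and host names below are constructed for illustration.

def chain_to_root(cert, issued_by, roots):
    """Return the chain [cert, ..., root], or None if it never reaches a trusted root."""
    chain, seen = [cert], {cert}
    while chain[-1] not in roots:
        issuer = issued_by.get(chain[-1])
        if issuer is None or issuer in seen:   # unknown issuer, or a signing loop
            return None
        chain.append(issuer)
        seen.add(issuer)
    return chain

def is_trusted(cert, issued_by, roots, compromised):
    """Trusted only if the chain reaches a root and no key anywhere in it is compromised."""
    chain = chain_to_root(cert, issued_by, roots)
    return chain is not None and not (set(chain) & compromised)

def untrusted_leaves(leaves, issued_by, roots, compromised):
    """Blast radius: the end-entity certificates that stop validating after a compromise."""
    return sorted(l for l in leaves if not is_trusted(l, issued_by, roots, compromised))

ROOTS = {"root-ca"}
LEAVES = ["shop.example", "mail.example", "vpn.example", "api.example"]

# Hierarchical model: the root signs every certificate directly with its single key.
HIERARCHICAL = {leaf: "root-ca" for leaf in LEAVES}

# Distributed model (assumed layout): the root signs two intermediate CAs,
# and each intermediate signs its own set of certificates.
DISTRIBUTED = {
    "ca-east": "root-ca", "ca-west": "root-ca",
    "shop.example": "ca-east", "mail.example": "ca-east",
    "vpn.example": "ca-west", "api.example": "ca-west",
}

if __name__ == "__main__":
    print("chain:", chain_to_root("api.example", DISTRIBUTED, ROOTS))
    print("hierarchical, root key lost:",
          untrusted_leaves(LEAVES, HIERARCHICAL, ROOTS, {"root-ca"}))
    print("distributed, ca-east key lost:",
          untrusted_leaves(LEAVES, DISTRIBUTED, ROOTS, {"ca-east"}))
```

In this model a compromise of the root key still invalidates every chain in the distributed layout too, which is why the root sits at the top of the chain of trust.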