Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
PKI trust models provide a technological framework for the management of PKI trust relationships between CAs and between CAs and PKI users. They also define the rules that are needed to discover and traverse a PKI trust path. PKI trust path traversal is a critical part of certificate validation.
A CA’s trust domain defines the community or boundaries within which the CA is considered trusted. Trust domain boundaries are typically based on organizational or geographical boundaries; however, a single organization may also be split into different trust domains, following, for example, the organization’s divisions or departments.
All PKI users in the CA’s trust domain consider the CA a trust anchor. This is a CA in which the PKI user has a very high level of confidence. During certificate validation, the PKI software will try to discover a trust path up to the level of a trust anchor. How PKI trust path discovery and traversal exactly work in the different trust models is not covered in this chapter.
Категории