Trust Models

Public Key Infrastructures (PKI) are now widely recognized as essential to provide the underlying certificate and key management basis allow encryption and digital signature services for security in electronic commerce. This reduces the security problem to that of trust of public keys and certificates. The manner in which relying applications "trust" certificates is based on the implicit or explicit trust model which governs that application. Various trust models exist, and a subset are already in wide use. In this talk we consider several of the more popular models in present use, including strictly hierarchical trust models (e.g. PEM and SET), distributed/enterprise trust models (including cross-certification), end-user trust models (e.g. PGP web of trust), and first-generation browser-oriented trust models. These and other models can generally be placed on a continuum, and each may find its place in various environments. The advantages, disadvantages, and relationships among these models will be discussed.