An overview of PKI trust models

Authors
Citation
R. Perlman, An overview of PKI trust models, IEEE NETW, 13(6), 1999, pp. 38-43
Number of citations
12
Subject Categories
Information Technology & Communication Systems
Journal title
IEEE NETWORK
Journal ISSN
08908044
Volume
13
Issue
6
Year of publication
1999
Pages
38 - 43
Database
ISI
SICI code
0890-8044(199911/12)13:6<38:AOOPTM>2.0.ZU;2-4
Abstract
If Alice and Bob each know their own private key and the other's public key, they can communicate securely, through any number of public-key based protocols such as IPSec [1], PGP [2], S/MIME [3], or SSL [4]. However, how do they know each other's public keys? The goal of a public key infrastructure (PKI) is to enable secure, convenient, and efficient discovery of public keys. It should be applicable within as well as between organizations, and scalable to support the Internet. There are various types of PKI that are widely deployed or have been proposed. They differ in the configuration information required, trust rules, and flexibility. There are standards such as X.509 [5] and PKIX [6], but these are sufficiently flexible so that almost any model of PKI can be supported. In this article we describe several types of PKI and discuss the advantages and disadvantages of each. We argue against several popular and widely deployed models as being insecure, unscalable, or overly inconvenient. We also recommend a particular model.