PKI Trust Model
A PKI trust model describes the type of trust relationship that exists between a PKI and its certificate users.
- enables a certificate user to determine the legitimacy of a PKI’s digital certificates issued to various entities
Types of Trust Models
Single CA Trust Model
In a single CA trust model, one CA issues all certificates.
- if the CA’s private key is compromised, all of the PKI’s certificates are revoked
- not scalable to a network with a large number of entities

Hierarchical Trust Model
In a hierarchical trust model, a root CA issues certificates to an intermediate CA, and an intermediate CA issues certificates to entities.
- root CA does not issue certificates to entities
The chain of trust describes the trust relationship between a certificate user and the intermediate CA which issued the certificate.
- certificate user trusts the certificates issued by an intermediate CA because the intermediate CA is trusted by the root CA
- root CA is called the trust anchor
- compromise of an intermediate CA’s private key impacts only the certificates that it issued
- most common trust model used on the Internet
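
Added example (not from the original notes): a Python sketch of the chain-of-trust walk in the hierarchical model, showing that revoking one intermediate CA breaks only the chains that pass through it. The CA and host names are constructed, and signature and validity-period checks are omitted, so the code models issuer linkage only.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False


# Constructed sample hierarchy: one root, two intermediates, three entities.
CERTS = {c.subject: c for c in [
    Cert("Root CA", "Root CA", is_ca=True),           # self-issued trust anchor
    Cert("Intermediate A", "Root CA", is_ca=True),
    Cert("Intermediate B", "Root CA", is_ca=True),
    Cert("www.example.test", "Intermediate A"),
    Cert("mail.example.test", "Intermediate A"),
    Cert("vpn.example.test", "Intermediate B"),
]}
TRUST_ANCHORS = {"Root CA"}


def build_chain(subject, certs=CERTS, anchors=TRUST_ANCHORS, revoked=frozenset()):
    """Walk issuer links from an entity certificate up to a trust anchor.

    Returns the subjects from leaf to anchor, or None if the chain is broken,
    loops, passes through a non-CA issuer, or contains a revoked certificate.
    """
    chain, seen = [], set()
    current = certs.get(subject)
    while current is not None and current.subject not in seen:
        if current.subject in revoked:
            return None
        if chain and not current.is_ca:        # only CAs may issue certificates
            return None
        chain.append(current.subject)
        seen.add(current.subject)
        if current.subject in anchors:
            return chain                       # reached the trust anchor
        current = certs.get(current.issuer)
    return None                                # unknown issuer or issuer loop


def affected_by(compromised_ca, certs=CERTS):
    """Entity certificates that stop validating once compromised_ca is revoked."""
    return sorted(s for s, c in certs.items()
                  if not c.is_ca and build_chain(s, certs) is not None
                  and build_chain(s, certs, revoked={compromised_ca}) is None)
```
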

Bridge Trust Model
A bridge trust model links PKIs with different trust models.
- the bridge CA (BCA) only establishes trust paths between linked PKIs and does not issue certificates to any entities
