PKI Trust Models

A PKI can be described as a set of technologies, procedures, and policies for propagating trust from where it initially exists to where it is needed for authentication in online environments. How the trust propagation takes place under a specific PKI depends on the PKI’s syntactic trust structure, which is commonly known as a trust model. However, trust is primarily a semantic concept that cannot be expressed in syntactic terms alone. In order to define meaningful trust models for PKIs it is also necessary to consider the semantic assumptions and human cognition of trust relationships, as explicitly or implicitly expressed by certification policies, legal contractual agreements between participants in a PKI, and by how identity information is displayed and represented. Of the many different PKI trust models proposed in the literature, some have been implemented and are currently used in practical settings, from small personal networks to large-scale private and public networks such as the Internet. This chapter takes a closer look at the most prominent and widely used PKI trust models, and discusses related semantic issues.