
PKI Architectures - Security

In the Internet's world of insecurities, many measures should be taken to strengthen the defense of each and every network. Many solutions exist that provide some level of security, but none of them is bulletproof. The best approach is to combine a variety of mechanisms that supplement one another. In this article I will discuss a technology that is considered the new trend and a favored option among network implementers: Public Key Infrastructure (PKI).

  1. PKI Architectures: How to Choose One
  2. PKI Architectures
  3. Criteria to Choose a Certain PKI Architecture
  4. Conclusions
By: Eliana Stavrou
October 26, 2004




In this section I will present the different types of CA architectures that are generally considered when implementing a PKI. PKI may be constructed as a:

  • Single architecture
  • Hierarchical architecture
  • Mesh architecture

Every architecture is distinct from the others in respect to the following:

  • The number of CAs in the PKI system
  • Where users place their trust (known as a user's trust point)
  • Trust relationships between CAs within a multi-CA PKI

Single Architecture

A single architecture is the most basic PKI model and contains only a single (you wouldn't expect more, would you?) CA. All the users of the PKI place their trust in this CA, and the CA is responsible for handling every user requesting a certificate. As there is only one CA, every certification path begins with its public key.

Figure 1: Single PKI Architecture

Hierarchical Architecture

A hierarchical architecture is constructed with subordinate CA relationships. In this configuration, all users trust a single "root" CA. The root CA issues certificates to subordinate CAs only, whereas subordinate CAs may issue certificates to users or other CAs. The trust relationship is specified in only one direction. In this PKI architecture, every certification path begins with the root CA's public key.

Figure 2: Hierarchical PKI Architecture

Mesh Architecture

A mesh architecture does not rely on a single CA that is trusted by all entities in the PKI system. Instead, CAs are connected by cross-certification, creating a "web of trust" in which end entities may choose to trust any CA in the PKI. If a CA wishes to impose constraints on certain trust relationships, it must specify appropriate limitations in the cross-certificates it issues to its peers; otherwise trust extends transitively through every peer those CAs have certified.

Figure 3: Mesh PKI Architecture
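The three sections above all come down to one question: given the CA whose public key a user holds out of band (the user's trust point), which chain of certificates leads to the certificate being validated? The following Python program is an added example, not code from the original article. It models each certificate as an issuer-to-subject edge carrying the two RFC 5280 basicConstraints fields (the cA flag and pathLenConstraint), builds the three PKIs described above with constructed names such as "Root", "Sub-Eng", "CA-A" and "alice", and searches for a certification path from a trust point to a target. Signatures, validity periods and revocation are deliberately left out; only path construction and the effect of pathLenConstraint on a cross-certificate are shown.

```python
"""Certification-path construction for single, hierarchical and mesh PKIs.

Added example, not from the original article. Certificates are modelled as
(issuer -> subject) edges with the RFC 5280 basicConstraints fields; the
names below are constructed for illustration. No signature, validity or
revocation checks are performed.
"""
from collections import deque
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False
    # pathLenConstraint: maximum number of further CA certificates allowed
    # after this one in a valid path (None = unlimited). Only used if is_ca.
    path_len: Optional[int] = None


def certs_issued_by(certs: List[Cert], issuer: str) -> List[Cert]:
    """All certificates signed by `issuer`, skipping self-signed ones."""
    return [c for c in certs if c.issuer == issuer and c.subject != issuer]


def build_path(certs: List[Cert], trust_point: str, target: str) -> Optional[List[str]]:
    """Breadth-first search for the shortest valid certification path.

    The path starts at the user's trust point and ends at `target`. Every
    intermediate certificate must have the CA flag set, and each CA's
    pathLenConstraint limits how many CA certificates may still follow it.
    Returns the subject names along the path, or None if no path exists.
    """
    # Queue entries: (current subject, path so far, remaining CA budget).
    queue = deque([(trust_point, [trust_point], None)])
    seen = {(trust_point, None)}
    while queue:
        current, path, budget = queue.popleft()
        for cert in certs_issued_by(certs, current):
            if cert.subject == target:
                return path + [cert.subject]
            if not cert.is_ca:
                continue  # end-entity certificates cannot sign further certs
            if budget is not None and budget <= 0:
                continue  # an earlier CA forbade any further CA certificates
            remaining = None if budget is None else budget - 1
            if cert.path_len is not None:
                remaining = cert.path_len if remaining is None else min(remaining, cert.path_len)
            state = (cert.subject, remaining)
            if state in seen:
                continue  # cross-certificates create cycles; do not loop
            seen.add(state)
            queue.append((cert.subject, path + [cert.subject], remaining))
    return None


def single_pki() -> List[Cert]:
    """One CA; every certification path begins with its public key."""
    return [Cert("CA", "CA", is_ca=True), Cert("alice", "CA"), Cert("bob", "CA")]


def hierarchical_pki() -> List[Cert]:
    """A root that certifies only subordinate CAs, which certify users."""
    return [
        Cert("Root", "Root", is_ca=True),                 # self-signed root
        Cert("Sub-HR", "Root", is_ca=True, path_len=0),   # may certify users only
        Cert("Sub-Eng", "Root", is_ca=True, path_len=1),  # may certify one more CA tier
        Cert("Sub-Eng-Dev", "Sub-Eng", is_ca=True, path_len=0),
        Cert("alice", "Sub-HR"),
        Cert("bob", "Sub-Eng-Dev"),
    ]


def mesh_pki() -> List[Cert]:
    """Peer CAs that cross-certify each other; users trust their own CA."""
    return [
        Cert("CA-B", "CA-A", is_ca=True, path_len=0),  # A trusts B, but not B's peers
        Cert("CA-A", "CA-B", is_ca=True, path_len=0),  # B trusts A, but not A's peers
        Cert("CA-C", "CA-B", is_ca=True),              # B also certifies CA-C
        Cert("alice", "CA-A"),
        Cert("bob", "CA-B"),
        Cert("carol", "CA-C"),
    ]


if __name__ == "__main__":
    print("single:      ", build_path(single_pki(), "CA", "alice"))
    print("hierarchical:", build_path(hierarchical_pki(), "Root", "bob"))
    print("mesh A->bob: ", build_path(mesh_pki(), "CA-A", "bob"))
    print("mesh A->carol", build_path(mesh_pki(), "CA-A", "carol"))  # blocked by path_len=0
    print("mesh B->carol", build_path(mesh_pki(), "CA-B", "carol"))
```

Running the program shows the three behaviours the text describes: in the single and hierarchical PKIs every path starts at the one trusted CA, while in the mesh the path depends on which CA the user trusts. The pathLenConstraint of 0 on CA-A's cross-certificate to CA-B is the "appropriate limitation" mentioned above: alice, who trusts CA-A, can validate bob's certificate through CA-B but not carol's, because that would require trusting CA-C through CA-B's further cross-certification. Bob, whose trust point is CA-B, reaches carol directly.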
