CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [182]

all the information. The intermediate CAs are next in the hierarchy, and they only trust information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t. This arrangement allows a high level of control at all levels of the hierarchical tree.

This might be the most common implementation in a large organization that wants to extend its certificate-processing capabilities. Hierarchical models allow tight control over certificate-based activities.

Figure 7.14 illustrates the hierarchical trust structure. In this situation, the intermediate CAs trust only the CAs directly above them or below them.

FIGURE 7.14 A hierarchical trust structure

Root CA systems can have trusts between them, and there can be trusts between intermediate and leaf CAs. A leaf CA is any CA that is at the end of a CA network or chain. This structure allows you to be creative and efficient when you create hybrid systems.

Bridge Trust Models

In a bridge trust model, a peer-to-peer relationship exists between the root CAs. The root CAs can communicate with each other, allowing cross-certification. This arrangement allows a certification process to be established between organizations or departments. Each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs.

Additional flexibility and interoperability between organizations are the primary advantages of a bridge model. Lack of trustworthiness of the root CAs can be a major disadvantage. If one of the root CAs doesn’t maintain tight internal security around its certificates, a security problem can be created: An illegitimate certificate could become available to all the users in the bridge structure and its subordinate or intermediate CAs.

This model may be useful if you're dealing with a large, geographically dispersed organization or you have two organizations that are working together. A large, geographically dispersed organization could maintain a root CA at each remote location; the root CAs would have their own internal hierarchy, and users would be able to access certificates from any place in the CA structure. Figure 7.15 illustrates a bridged structure. In this example, the intermediate CAs communicate only with their respective root CA. All cross-certification is handled between the two root CA systems.

FIGURE 7.15 A bridge trust structure
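To make the difference between the hierarchical structure (Figure 7.14) and the bridge structure (Figure 7.15) concrete, here is an added example that is not from the study guide: it models each issued certificate as an "issuer -> subject" edge and builds a certification path from a relying party's trust anchor, showing that a certificate from the other organization only validates once the two roots have cross-certified. The CA names and the two-organization layout are constructed for the example.

```python
# Added example (not from the study guide): models CA trust structures as a
# directed graph of "issuer -> subject" certificates and builds a certification
# path from a relying party's trust anchor, as a path validator would.
from collections import deque

def build_path(certs, anchor, target):
    """Breadth-first search for an issuer chain from `anchor` to `target`.

    `certs` is a list of (issuer, subject) pairs; each pair is one certificate
    the issuer has signed for the subject (a subordinate CA, a cross-certified
    peer root, or an end entity). Returns the path as a list of names, or None
    when the target is unreachable from the anchor and so must not be trusted.
    """
    issued_by = {}
    for issuer, subject in certs:
        issued_by.setdefault(issuer, []).append(subject)
    queue = deque([[anchor]])
    seen = {anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in issued_by.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

# Constructed sample PKI: two organizations, each its own hierarchy
# (root -> intermediate -> leaf CA -> end entity), as in Figure 7.14.
HIERARCHIES = [
    ("RootA", "IntA"), ("IntA", "LeafA"), ("LeafA", "alice@orgA"),
    ("RootB", "IntB"), ("IntB", "LeafB"), ("LeafB", "bob@orgB"),
]
# Bridge structure (Figure 7.15): the two roots cross-certify each other.
# Note the disadvantage the text describes: once bridged, anything RootB's
# hierarchy issues, legitimate or not, becomes acceptable to RootA's users.
BRIDGE = [("RootA", "RootB"), ("RootB", "RootA")]

def org_a_trusts_bob(bridged):
    """Can a relying party anchored on RootA validate bob@orgB's certificate?"""
    certs = HIERARCHIES + (BRIDGE if bridged else [])
    return build_path(certs, "RootA", "bob@orgB")

if __name__ == "__main__":
    print(org_a_trusts_bob(bridged=False))  # None: no path without cross-certification
    print(org_a_trusts_bob(bridged=True))   # ['RootA', 'RootB', 'IntB', 'LeafB', 'bob@orgB']
```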

Mesh Trust Models

The mesh trust model expands the concepts of the bridge model by supporting multiple paths and multiple root CAs. Each of the root CAs shown in Figure 7.16 can cross-certify with the other root CAs in the mesh. This arrangement is also referred to as a web structure. Although not shown in the illustration, each of the root CAs can also communicate with the intermediate CAs in their respective hierarchies.

This structure may be useful in a situation where several organizations must cross-certify certificates. The advantage is that you have more flexibility when you configure the CA structures. The major disadvantage of a mesh is that each root CA must be trustworthy in order to maintain security.

FIGURE 7.16 A mesh trust structure

Hybrid Trust Model

A hybrid trust model can use the capabilities of any or all of the structures discussed in the previous sections. You can be extremely flexible when you build a hybrid trust structure.

The flexibility of this model also allows you to create hybrid environments. Figure 7.17 illustrates such a structure. Notice that in this structure, the single intermediate CA server on the right side of the illustration is the only server that is known by the CA below it. The subordinates of the middle-left CA are linked to the two CAs on its sides. These two CAs don’t know about the other CAs, because they are linked only to the CA that provides them a connection. The two intermediate servers in the middle of the illustration and their subordinates trust each other; they don’t trust others that aren’t in the link.
