# Certificates and Trust Models 🔑🔍 ## **X.509 Standard** 📜 * **Overview**: * Defines the format of digital certificates. * First issued in 1988, with Version 3 being the current standard. * Includes specifications for a Certificate Revocation List (CRL) to manage invalid certificates. * **Fields in an X.509 Certificate**: * **Version**: Indicates the X.509 standard version used. * **Serial Number**: A unique identifier for the certificate assigned by the Certificate Authority (CA). * **Signature Algorithm**: Specifies the public key and hashing algorithms used to sign the certificate. * **Issuer Name**: Details the authority that issued the certificate. * **Validity**: Contains two subfields: * **Not Before**: Start date of certificate validity. * **Not After**: End date of certificate validity. * **Subject**: Information about the entity to which the certificate was issued. * **Subject Public Key Info**: Details the public key algorithm and the public key itself. * **Certificate Signature Algorithm**: Must match the algorithm used in the Subject Public Key Info. * **Certificate Signature Value**: The digital signature data of the certificate. * **Certificate Fingerprints**: * Hash digests of the entire certificate, used for validation and inspection. ## **Web of Trust** 🌐🔗 * **Concept**: * An alternative to the centralized PKI model. * Individuals sign each other's public keys rather than relying on a CA. * Involves verifying identities through agreed-upon methods (e.g., ID checks) before signing keys. * **Process**: * **Key Signing Parties**: Events where participants verify and sign each other's keys. * **Reciprocal Trust**: Each party signs the public key of the other, establishing mutual trust. * **Web Expansion**: As new members are introduced and trusted, they extend the web of trust, linking separate trust networks. ## **Summary** 📈 * X.509 certificates provide a structured format for managing digital identities and secure communications. * The web of trust offers a decentralized approach to establishing trust and verifying identities without relying on centralized authorities. 🔐🌍