Certificates and Trust Models 🔑🔍

X.509 Standard 📜

Overview:
- Defines the format of digital certificates.
- First issued in 1988, with Version 3 being the current standard.
- Includes specifications for a Certificate Revocation List (CRL) to manage invalid certificates.
Fields in an X.509 Certificate:
- Version: Indicates the X.509 standard version used.
- Serial Number: A unique identifier for the certificate assigned by the Certificate Authority (CA).
- Signature Algorithm: Specifies the public key and hashing algorithms used to sign the certificate.
- Issuer Name: Details the authority that issued the certificate.
- Validity: Contains two subfields:
  - Not Before: Start date of certificate validity.
  - Not After: End date of certificate validity.
- Subject: Information about the entity to which the certificate was issued.
- Subject Public Key Info: Details the public key algorithm and the public key itself.
- Certificate Signature Algorithm: Must match the algorithm used in the Subject Public Key Info.
- Certificate Signature Value: The digital signature data of the certificate.
Certificate Fingerprints:
- Hash digests of the entire certificate, used for validation and inspection.

Concept:
- An alternative to the centralized PKI model.
- Individuals sign each other's public keys rather than relying on a CA.
- Involves verifying identities through agreed-upon methods (e.g., ID checks) before signing keys.
Process:
- Key Signing Parties: Events where participants verify and sign each other's keys.
- Reciprocal Trust: Each party signs the public key of the other, establishing mutual trust.
- Web Expansion: As new members are introduced and trusted, they extend the web of trust, linking separate trust networks.

X.509 certificates provide a structured format for managing digital identities and secure communications.
The web of trust offers a decentralized approach to establishing trust and verifying identities without relying on centralized authorities.

🔐🌍

Last updated 3 months ago