PKI - trust & chain of trust -why, who and how?
Vložit
- čas přidán 2. 02. 2018
- What is public key infrastructure? What is trust? Why do we need trust over the Internet? Who should be trusted?
In this video, I will talk about two trust models: Hierarchical Trust Model and distributed trust model, and how they help us to build trust with strangers over the Internet so that we could be able to do business online.
I will use an example how these models work.
Playlist: Advanced Cryptography -
• What is digital signat...
Playlist: Basic Cryptography
• Private Key Encryption...
Please subscribe to my channel!
Please leave comments or questions!
Many thanks,
Sunny Classroom
Your tutorial was very clear with just the right amount of verbal and visual info. Thank you !
It's creepy how good you are at explaining things; i watched 3 of your videos and i always understand the key concept, thank you sunny
I have seen a lot of resources online about PKI. This is by far the best one in my opinion. The concepts are brilliantly explained in a simple and concise manner. Very easy to understand. Thank you!
You are welcome and thank you very much for taking the time to write such nice comments and it means a lot to me. I appreciate it very much.
Thank you for the tutorial. Everything is so well explained.
Very amazing, wonderful and extremely pretty style of teaching process .thanks you sunny from bottom of my heart . God bless you!
Awesome content.Finally this is the place where explanation was super simple
Thank you Sunny! I just happened to find your video when I was looking for some information about PKI, and your video helped me a lot about understanding the concept. I watched some more videos that you created and I really liked them. You explained such complicated things rather simply and very clearly! I am taking Info. Systems Security online course at a university. I'm sure that I'll come back to watch other related videos as well!
Thanks a lot for your nice words. I do my best.
i have never seen such kind of simple and understandable way of explanation. Your are my hero. i am waiting your new lecture video every time. please keep it up and if u want go througth different programming languges , we will wait patiently.
Wow! thank you Sunny for the high quality lecture :)
***** Warning to Learners: Sunny Class room may cause addiction more than Netflix ...be prepare for it.*** Thank you Sir for great tutorials.
I appreciate it. Thank you for watching !
Brilliantly Concise Explanation yet again. Thanks a lot Sunny!
thanks a lot and you are welcome!
another short, packed full of information, and well explained, video. thank you.
You re welcome !
I'm preparing for Security+ and this helped a lot. Thank you Sunny.
Well explained, clear and crisp... Hats off Sir... Thank you for amazing tutorial.
You are welcome and thank you for your kind comment.
Thank you for the lesson!
Thanks Sunny for this concise and useful tutorial.
Very helpful. I am trying to understand PKI and this definitely helps. Thank you
Greatly done Sunny...!!!
Illustrations are helpful. Complicated theories explained in a simple way.
Thanks
Riiiiiiight!
Thank you Sunny. You are great.
You're the best Sunny, thank you!!
very clear and thorough explanation
Sunny thank you for such easy explanation of concepts and topics.
Finally found something that explains it well. Thanks!
Glad to hear it!
thats awesome. please keep up the good work!
excellent knowledge and very easy to understand the details behind.
Great Explanation.Thank you
Simply explained. Thank you 👍
Great explanation! Thank you!
Sunny ! you're so awesome. Thank you.
Easy to digest. Thank you.
Excelent explanation, thank you for helps us!
Thank you for this video !It really helped me understand the concept of root CAs.
You are welcome!
Explained in the best possible way .... Very nice
thanks a lot, Partha!
Very well explained about the topics in a much simpler way with nice illustration
Thanks.
Thanks for explaining.
Thank you sunny!
Thanyou sir.. You are the best in the world.. Love you so much
You are very nice to say that to me.
thank you very much sunny 😊
thanks Sunny, you never disappoint!
do you by any change have videos explaining the Web of Trust model used by PGP ?
Concise and Precise as always
Thank you for watching! Check out my other videos please!
Thanks a lot for the videos, they are clear and helpful :)
Great. Thank you.
you are welcome!
Very Good Tutorial, Thank you Sir!!
you are welcome!
Thank you sir for this video✌
you are welcome!
Thank you for this tutorial guide lesson
Hi, thank you for your tutorial. I have a question. The gmail digital certificate needs to be created by owner or by the CA authority ?
Best video about this concept 🙏
Thank you for watching!
You are the best on CZcams!
Wow, thanks!
Thanks it was a great video
Thank you for your help
Sunny your awesome videos help me so much.
Happy to help!
I love sunny and I love his music.
Thanks!
brilliant
Question about the example: What I saw on the PC only root CA public key was installed, but the certificate is issued by the intermediate CA, without installing the public key of of intermediate CA, how can the PC authenticate the received certificate?
Awesome
Many thanks, Alka.
Does the browser only check the validity of the self-signed certificate of the root CA? And if it's valid, it automatically trusts all intermediate CAs without verifying them?
Sunny, question - you mentioned that purpose of PKI is to facilitate a safe transfer electronic transfer of data over the internet, is this definition same for SSL? Thanks.
To understand how SSL plays in this, you need to go a little deeper. This video will explain the role of SSL in the trust model: czcams.com/video/heacxYUnFHA/video.html
Amazing!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Is there a mistake in this video? At 3:56 you are saying that the hierarchical modell is limited because once the private key is compromised certifitcates will become worthless.
But that's exactly the same issue with the distributed ones? I can't trust a single certificate if the root is compromised?
How is the deletion of a certificate (revocation) carried out in a chain of trust if not all subscribers who use the certificate have access to a CRL or connection? Are there alternative ways or how is this solved?
Thanks
much more in depth than Messer!
Thanks a lot!
Thanks for your video, I was in mid of a confusion as my client sent a certificate which was not working in my modem. Suddenly I found in video that a ROOT CA's supplier and supplied to must be same. I checked and my certificate was wrong. Thanks again.
Glad it helped!
how to become CA/intermediate-CA/Delegated signing authority? any CA will provide Signing certificate (certificate with signing right ?
Thank you for your videos. These are great! Question: When gmail send his certificate, which is signed by the intermediate CA, does he send the CA also to me (client)? I might have the global CA to verify the intermediate CA later on, but I might miss the intermediate CA on my pc. So how does gmail make sure, I get access to the intermediate CA too?
Good question. Public keys of most major intermediate CAs and root CAs have already been pre-installed in your browser (Chrome, firefox or Safari, even Edge :)) , Gmail server would not send CA to you. The certificate has the signature of CAs. Signature is verified by the public key in your browser. All big companies (such as Google) have even been the Intermediate CA themselves.
If your browser has no public key of intermediate CAs for your service, will not be displayed. That is why we do not trust
Sunny,
thank you so much for your explanation.
You are welcome!
What's the purpose of hierarchical trust model if for somehow the private key of the root CA's private key is compromised? Does it mean that all digital certs signed for intermediate CA are compromised and eventually digital certs signed for clients are also compromised?
you are correct! if the top dog or intermediate CAs lost their private key, it would be definitely a bad thing for that company. However, it does not mean all clients are compromised. It only means that you cannot truly believe are truly encrypted. Anyway, as a user, we never trust a site we do not know. Simply we do not easily put credit card # or our confidential information to any site. We do not know if their private keys are already stolen. The original design is always "perfect", but we live in a "real" world. I don't disagree with you.
thank youuu!!!!!!
You are welcome!
Yo hit me up gurl I put out on the first date
Do you think installing a third party certificate could have the possibility of breaking this trust chain? In some MITM attacks(used cain for arp poisoning to be specific, rather basic stuff, I was trying to learn how to use it) I'm used to install my own self signed certificate to the test machine so I don't have to deal with chrome alarming me at every page. Also, some school stuff requires you to install certificates onto your windows or android device, and even student tablets and smart board computers have meb's(milli eğitim bakanlığı - ministry of national education on Turkey) certificates pre-installed on them.
for a public website, you need a third party certificate. For a website for a small group of people, you can use the self-signed one. The function is the same. However, there might some other differences I don't know. I really appreciate your insights and knowledge.
@@sunnyclassroom24 Thanks. my English might be bad so I'm gonna ask it shortly
will installing a third party root certificate to a system possibly break the security of all websites? maybe possibly through tools like cain&abel and stuff. since all other websites use different root certs it's not certain on my mind lol
Sunny make video about how u creat dot1x authentication using server radius on windows server 2012 ,
Watch in 1.5 speed.
I will speak faster in the future.
@@sunnyclassroom24 I am much appreciated you speak slowly. Not all the viewers speak English as their mother tongue.
I wonder is this method is what used in Blockchain?
Yes
simplified ... best
Thank you for watching!
Under mattress is more secure.
Trustworthy reason is SlA and compensation they offered by CA
I want hindi
...So......,How to break the global internet... 🤣
Thanks
You are welcome!