PKI - trust & chain of trust -why, who and how?
What is public key infrastructure? What is trust? Why do we need trust over the Internet? Who should be trusted?
In this video, I will talk about two trust models: Hierarchical Trust Model and distributed trust model, and how they help us to build trust with strangers over the Internet so that we could be able to do business online.
I will use an example how these models work.
Playlist: Advanced Cryptography -
• What is digital signat...
Playlist: Basic Cryptography
• Private Key Encryption...
Please subscribe to my channel!
Please leave comments or questions!
Many thanks,
Sunny Classroom
Пікірлер: 118
It's creepy how good you are at explaining things; i watched 3 of your videos and i always understand the key concept, thank you sunny
Your tutorial was very clear with just the right amount of verbal and visual info. Thank you !
Thank you for the tutorial. Everything is so well explained.
Awesome content.Finally this is the place where explanation was super simple
I have seen a lot of resources online about PKI. This is by far the best one in my opinion. The concepts are brilliantly explained in a simple and concise manner. Very easy to understand. Thank you!
@sunnyclassroom24
4 жыл бұрын
You are welcome and thank you very much for taking the time to write such nice comments and it means a lot to me. I appreciate it very much.
***** Warning to Learners: Sunny Class room may cause addiction more than Netflix ...be prepare for it.*** Thank you Sir for great tutorials.
@sunnyclassroom24
3 жыл бұрын
I appreciate it. Thank you for watching !
Wow! thank you Sunny for the high quality lecture :)
Thank you Sunny! I just happened to find your video when I was looking for some information about PKI, and your video helped me a lot about understanding the concept. I watched some more videos that you created and I really liked them. You explained such complicated things rather simply and very clearly! I am taking Info. Systems Security online course at a university. I'm sure that I'll come back to watch other related videos as well!
@sunnyclassroom24
3 жыл бұрын
Thanks a lot for your nice words. I do my best.
You're the best Sunny, thank you!!
Very amazing, wonderful and extremely pretty style of teaching process .thanks you sunny from bottom of my heart . God bless you!
another short, packed full of information, and well explained, video. thank you.
@sunnyclassroom24
4 жыл бұрын
You re welcome !
Brilliantly Concise Explanation yet again. Thanks a lot Sunny!
@sunnyclassroom24
4 жыл бұрын
thanks a lot and you are welcome!
Thanks Sunny for this concise and useful tutorial.
Very helpful. I am trying to understand PKI and this definitely helps. Thank you
i have never seen such kind of simple and understandable way of explanation. Your are my hero. i am waiting your new lecture video every time. please keep it up and if u want go througth different programming languges , we will wait patiently.
I'm preparing for Security+ and this helped a lot. Thank you Sunny.
Greatly done Sunny...!!!
Thank you Sunny. You are great.
Sunny ! you're so awesome. Thank you.
thats awesome. please keep up the good work!
Simply explained. Thank you 👍
Easy to digest. Thank you.
Well explained, clear and crisp... Hats off Sir... Thank you for amazing tutorial.
@sunnyclassroom24
6 жыл бұрын
You are welcome and thank you for your kind comment.
@Skynet_the_AI
3 жыл бұрын
Thank you for the lesson!
Great Explanation.Thank you
Finally found something that explains it well. Thanks!
@sunnyclassroom24
4 жыл бұрын
Glad to hear it!
Great explanation! Thank you!
Sunny thank you for such easy explanation of concepts and topics.
Thank you sunny!
very clear and thorough explanation
Illustrations are helpful. Complicated theories explained in a simple way.
@sunnyclassroom24
4 жыл бұрын
Thanks
@Skynet_the_AI
3 жыл бұрын
Riiiiiiight!
Thanks for explaining.
Excelent explanation, thank you for helps us!
Thank you for this video !It really helped me understand the concept of root CAs.
@sunnyclassroom24
4 жыл бұрын
You are welcome!
thank you very much sunny 😊
excellent knowledge and very easy to understand the details behind.
Concise and Precise as always
@sunnyclassroom24
4 жыл бұрын
Thank you for watching! Check out my other videos please!
Explained in the best possible way .... Very nice
@sunnyclassroom24
5 жыл бұрын
thanks a lot, Partha!
Thanks a lot for the videos, they are clear and helpful :)
Thank you for this tutorial guide lesson
Great. Thank you.
@sunnyclassroom24
5 жыл бұрын
you are welcome!
Very well explained about the topics in a much simpler way with nice illustration
@sunnyclassroom24
4 жыл бұрын
Thanks.
Thank you for your help
Thanks it was a great video
Thanyou sir.. You are the best in the world.. Love you so much
@sunnyclassroom24
5 жыл бұрын
You are very nice to say that to me.
Very Good Tutorial, Thank you Sir!!
@sunnyclassroom24
5 жыл бұрын
you are welcome!
Thank you sir for this video✌
@sunnyclassroom24
6 жыл бұрын
you are welcome!
Best video about this concept 🙏
@sunnyclassroom24
3 жыл бұрын
Thank you for watching!
You are the best on KZread!
@sunnyclassroom24
4 жыл бұрын
Wow, thanks!
brilliant
Sunny your awesome videos help me so much.
@sunnyclassroom24
4 жыл бұрын
Happy to help!
Hi, thank you for your tutorial. I have a question. The gmail digital certificate needs to be created by owner or by the CA authority ?
I love sunny and I love his music.
@sunnyclassroom24
4 жыл бұрын
Thanks!
Amazing!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanks
thanks Sunny, you never disappoint! do you by any change have videos explaining the Web of Trust model used by PGP ?
Awesome
@sunnyclassroom24
5 жыл бұрын
Many thanks, Alka.
Question about the example: What I saw on the PC only root CA public key was installed, but the certificate is issued by the intermediate CA, without installing the public key of of intermediate CA, how can the PC authenticate the received certificate?
Does the browser only check the validity of the self-signed certificate of the root CA? And if it's valid, it automatically trusts all intermediate CAs without verifying them?
How is the deletion of a certificate (revocation) carried out in a chain of trust if not all subscribers who use the certificate have access to a CRL or connection? Are there alternative ways or how is this solved?
how to become CA/intermediate-CA/Delegated signing authority? any CA will provide Signing certificate (certificate with signing right ?
much more in depth than Messer!
@sunnyclassroom24
4 жыл бұрын
Thanks a lot!
thank youuu!!!!!!
@sunnyclassroom24
4 жыл бұрын
You are welcome!
@markychaz
4 жыл бұрын
Yo hit me up gurl I put out on the first date
Is there a mistake in this video? At 3:56 you are saying that the hierarchical modell is limited because once the private key is compromised certifitcates will become worthless. But that's exactly the same issue with the distributed ones? I can't trust a single certificate if the root is compromised?
Thanks for your video, I was in mid of a confusion as my client sent a certificate which was not working in my modem. Suddenly I found in video that a ROOT CA's supplier and supplied to must be same. I checked and my certificate was wrong. Thanks again.
@sunnyclassroom24
4 жыл бұрын
Glad it helped!
Sunny, question - you mentioned that purpose of PKI is to facilitate a safe transfer electronic transfer of data over the internet, is this definition same for SSL? Thanks.
@stevemaloney7305
5 жыл бұрын
To understand how SSL plays in this, you need to go a little deeper. This video will explain the role of SSL in the trust model: kzread.info/dash/bejne/mpmVxdqShdGseKQ.html
Thank you for your videos. These are great! Question: When gmail send his certificate, which is signed by the intermediate CA, does he send the CA also to me (client)? I might have the global CA to verify the intermediate CA later on, but I might miss the intermediate CA on my pc. So how does gmail make sure, I get access to the intermediate CA too?
@sunnyclassroom24
5 жыл бұрын
Good question. Public keys of most major intermediate CAs and root CAs have already been pre-installed in your browser (Chrome, firefox or Safari, even Edge :)) , Gmail server would not send CA to you. The certificate has the signature of CAs. Signature is verified by the public key in your browser. All big companies (such as Google) have even been the Intermediate CA themselves. If your browser has no public key of intermediate CAs for your service, will not be displayed. That is why we do not trust
@arber10
5 жыл бұрын
Sunny, thank you so much for your explanation.
@sunnyclassroom24
5 жыл бұрын
You are welcome!
What's the purpose of hierarchical trust model if for somehow the private key of the root CA's private key is compromised? Does it mean that all digital certs signed for intermediate CA are compromised and eventually digital certs signed for clients are also compromised?
@sunnyclassroom24
5 жыл бұрын
you are correct! if the top dog or intermediate CAs lost their private key, it would be definitely a bad thing for that company. However, it does not mean all clients are compromised. It only means that you cannot truly believe are truly encrypted. Anyway, as a user, we never trust a site we do not know. Simply we do not easily put credit card # or our confidential information to any site. We do not know if their private keys are already stolen. The original design is always "perfect", but we live in a "real" world. I don't disagree with you.
Do you think installing a third party certificate could have the possibility of breaking this trust chain? In some MITM attacks(used cain for arp poisoning to be specific, rather basic stuff, I was trying to learn how to use it) I'm used to install my own self signed certificate to the test machine so I don't have to deal with chrome alarming me at every page. Also, some school stuff requires you to install certificates onto your windows or android device, and even student tablets and smart board computers have meb's(milli eğitim bakanlığı - ministry of national education on Turkey) certificates pre-installed on them.
@sunnyclassroom24
4 жыл бұрын
for a public website, you need a third party certificate. For a website for a small group of people, you can use the self-signed one. The function is the same. However, there might some other differences I don't know. I really appreciate your insights and knowledge.
@pcislocked
4 жыл бұрын
@@sunnyclassroom24 Thanks. my English might be bad so I'm gonna ask it shortly will installing a third party root certificate to a system possibly break the security of all websites? maybe possibly through tools like cain&abel and stuff. since all other websites use different root certs it's not certain on my mind lol
simplified ... best
@sunnyclassroom24
3 жыл бұрын
Thank you for watching!
Watch in 1.5 speed.
@sunnyclassroom24
4 жыл бұрын
I will speak faster in the future.
@windwindson2871
4 жыл бұрын
@@sunnyclassroom24 I am much appreciated you speak slowly. Not all the viewers speak English as their mother tongue.
I wonder is this method is what used in Blockchain?
@jimihendrixx11
3 жыл бұрын
Yes
Sunny make video about how u creat dot1x authentication using server radius on windows server 2012 ,
Trustworthy reason is SlA and compensation they offered by CA
Under mattress is more secure.
I want hindi
...So......,How to break the global internet... 🤣
Thanks
@sunnyclassroom24
4 жыл бұрын
You are welcome!