Trust anchor

Share on facebook
Share on twitter


5 views | 27 Dec. 2020

Provided to YouTube by

Provided to YouTube by Amuseio AB

Run · trust anchor

Echo Chamber

℗ trust anchor

Released on: 2020-12-28

Music Publisher: Copyright Control

Music Publisher: Copyright Control

Music Publisher: Copyright Control

Music Publisher: Copyright Control

Composer Lyricist: Mike Lyke

Composer Lyricist: Chris Jones

Composer Lyricist: Alan Reinmuth

Composer Lyricist: Jay Sanchez

Auto-generated by YouTube.

Trust anchor

Share on facebook
Share on twitter

PKI - trust & chain of trust -why, who and how?

74 467 views | 3 Feb. 2018

What is public key

What is public key infrastructure? What is trust? Why do we need trust over the Internet? Who should be trusted?

In this video, I will talk about two trust models: Hierarchical Trust Model and distributed trust model, and how they help us to build trust with strangers over the Internet so that we could be able to do business online.

I will use an example how these models work.

Playlist: Advanced Cryptography -


Playlist: Basic Cryptography


Please subscribe to my channel!

Please leave comments or questions!

Many thanks,

Sunny Classroom

Bobby Beduya

Illustrations are helpful. Complicated theories explained in a simple way.

Parachuri Monica

Very well explained about the topics in a much simpler way with nice illustration

Ronnel Marfil

Finally found something that explains it well. Thanks!

Phương Bùi Văn

Why the private key can decryp the public key? Thank you very much

Lubomir Tzvetkov

Thank you for the tutorial. Everything is so well explained.

jennifer willams

All thanks to Mystery_hacker99 on !G..he’s so reliable

Machiavelli Patriot

Under mattress is more secure.

Peter Wang

Concise and Precise as always


another short, packed full of information, and well explained, video. thank you.

Arber Osmani

Thank you for your videos. These are great! Question: When gmail send his certificate, which is signed by the intermediate CA, does he send the CA also to me (client)? I might have the global CA to verify the intermediate CA later on, but I might miss the intermediate CA on my pc. So how does gmail make sure, I get access to the intermediate CA too?

Narayana Sai C

*** Warning to Learners: Sunny Class room may cause addiction more than Netflix ...be prepare for it.*** Thank you Sir for great tutorials.

Jay Evans

Great. Thank you.




Greatly done Sunny...!!!

shubham ghuge

Thank you sir for this video✌

Myo Ko Ko Zaw


Sudeshna Pal

Awesome content.Finally this is the place where explanation was super simple

Govind Rai

Hey Sunny! Is there a mistake in this video? At 3:56 you are saying that the hierarchical model is limited because once the private key of the Root CA is compromised, those certificates will become worthless.

But isn't that exactly the same issue with the distributed ones? I can't any intermediate certificates if the root is compromised, the root is once again the single point of failure? Appreciate an explanation.

Chris Mahoney

Best explanation I have seen! Thank you so much!

Sheshadri Madhu

Thanks a lot for the videos, they are clear and helpful :)

Urvashikeshari Keshari

I want hindi

Daniele Pugliese

Hi, thank you for your tutorial. I have a question. The gmail digital certificate needs to be created by owner or by the CA authority ?

Ameya Patil


Daniel Goh

Thank you for this video !It really helped me understand the concept of root CAs.


Explained in the best possible way .... Very nice

sth thapa

Thanyou sir.. You are the best in the world.. Love you so much


Sunny your awesome videos help me so much.

Hikky So

Thank you Sunny! I just happened to find your video when I was looking for some information about PKI, and your video helped me a lot about understanding the concept. I watched some more videos that you created and I really liked them. You explained such complicated things rather simply and very clearly! I am taking Info. Systems Security online course at a university. I'm sure that I'll come back to watch other related videos as well!

Conscientious Observer

Thank you for this tutorial guide lesson


Brilliantly Concise Explanation yet again. Thanks a lot Sunny!

Александра Дубовик

thank youuu!!!!!!

krishna chaitanya

I wonder is this method is what used in Blockchain?

Alex Chang

I have seen a lot of resources online about PKI. This is by far the best one in my opinion. The concepts are brilliantly explained in a simple and concise manner. Very easy to understand. Thank you!


Do you think installing a third party certificate could have the possibility of breaking this trust chain? In some MITM attacks(used cain for arp poisoning to be specific, rather basic stuff, I was trying to learn how to use it) I'm used to install my own self signed certificate to the test machine so I don't have to deal with chrome alarming me at every page. Also, some school stuff requires you to install certificates onto your windows or android device, and even student tablets and smart board computers have meb's(milli eğitim bakanlığı - ministry of national education on Turkey) certificates pre-installed on them.

Miguel Ledesma

Excelent explanation, thank you for helps us!

Albert Kristian

What's the purpose of hierarchical trust model if for somehow the private key of the root CA's private key is compromised? Does it mean that all digital certs signed for intermediate CA are compromised and eventually digital certs signed for clients are also compromised?


I love sunny and I love his music.

Nitin Sharma

Well explained, clear and crisp... Hats off Sir... Thank you for amazing tutorial.

dayumn son

Is there a mistake in this video? At 3:56 you are saying that the hierarchical modell is limited because once the private key is compromised certifitcates will become worthless.

But that's exactly the same issue with the distributed ones? I can't trust a single certificate if the root is compromised?

Rajesh George

simplified ... best

Omar Owens

You're the best Sunny, thank you!!


...So......,How to break the global internet... ?

Konstantin Rebrov

Watch in 1.5 speed.

Val B

Sunny, question - you mentioned that purpose of PKI is to facilitate a safe transfer electronic transfer of data over the internet, is this definition same for SSL? Thanks.

Zidane Tribal

Wow! thank you Sunny for the high quality lecture :)

Tech ch

how to become CA/intermediate-CA/Delegated signing authority? any CA will provide Signing certificate (certificate with signing right ?

artic wolf

Thank you for your help

Ashutosh Singh

Thanks it was a great video

Matt Marinelli

much more in depth than Messer!

it memo

You are the best on YouTube!

Danyell Baptiste

Very Good Tutorial, Thank you Sir!!


Thanks for your video, I was in mid of a confusion as my client sent a certificate which was not working in my modem. Suddenly I found in video that a ROOT CA's supplier and supplied to must be same. I checked and my certificate was wrong. Thanks again.

Chanura Hemal

Best video about this concept ?

Trust anchor

Share on facebook
Share on twitter

KSK Key Signing Ceremony (16 Jun 10)

528 572 views | 18 Jun. 2010

Highlights and a

Highlights and a description of the June 16, 2010 Key Signing Ceremony.

Mark Richardson

you would think he would be wearing a shirt and tie for the interview instead of a t shirt. He would give you more confidence in what he is telling us. Must have been filmed on casual Friday

Matt T



Faisal Al-Jabri

this asianguy is funny


Did he say "we can drill" to get the keys?

Lester Nubla

They use Samsung and LG. The Purchasing Officer must be Korean. :P

fragile dream

7 keys to rule them all


blockchain technology has made this obsolete. See Bitcoin, namecoin and MaidSafe


00:01 is he the Architect of The Matrix?

Greatest Ever

Funny how they have all these security measures in place for the internet keys but didnt for the ammonium nitrate being stored in Beirut. Also, they will shut down the internet whenever & wherever they want so this transparency spectacle, er ceremony, to build trust is just a joke.

Emily Shepherd

Bit weird to talk about the designing of DNSSEC and not mention the IETF?

aziz kaffa


jack j

Коробочки имеют прямую связь с NSA )))

Mahmoud El Arch

Vinton Cerf is the co-father of the Internet, Robert Kahn is to not forget too
Also, Vint looks like the Architect from The Matrix movies !

Nate Lawson

Much ado about nothing. DNSSEC sucks.

John Corey

In reply to Casey's comment (no reply button showing)...

Vent stepped down after the first key signing he attended.

Alex Besogonov

Why not just use this key immediately to sign the root zone and then physically destroy the private key? It's not like TLDs are appearing every day, so all new TLDs additions can be postponed until the next Ceremony.

Jason Tran

Vinton Cerf looks like the architect from the matrix


I thought this was a myth...

Dominus Fons

It would be cool if they made a movie about a heist to shutdown the internet...


Thanks for giving me an idea for my next movie! ;)

Michael Torres

Lol ICANN is the SCP foundation of the internet

ThisIs MyName

1024 bit RSA :(


Rock on!

Steroid Sp

TIL that there are 7 primary keyholders of the Internet. Each keyholder is chosen for their geographical spread and Internet security background to ensure that no one country has more keyholders. The keyholders are a last resort option in case something catastrophic happens to the world's Internet. https://trend.financesheff.site/today-i-learned/til-that-there-are-7-primary-keyholders-of-the-internet-each-keyholder-is-chosen-for-their-geographical-spread-and-internet-security-background-to-ensure-that-no-one-country-has-more-keyholders-the/


No biggie. Call Ocean's Eleven !


A SPOF nightmare ..

Esdras Mayrink

The Elders of the Internet.


I wish I had a diagram of the security measures


Who is Vinton Cerf ?  I thought Al Gore invented the internet ?

Fab baF

This looks like a big security show to mask the real weak link here: those crypto boxes. If somehow these things can be forced to spit out the private keys in some way - be it hacked, modified firmware, bribing or backdoors by the company who made them, you name it - the whole thing is a red tape joke. And given all recent revelations, those who argue this is totally impossible may well be in for a surprise one day. If were to be part of this show, they could only seriously convince me by having a full build of those boxes' firmware on the spot, handing out a full post-build copy of the source code build platform to everyone present and subsequently loading the firmware on a fully exposed, photographed and documented hardware board, eventually sealed in a box. This show actually looks more worrying than reassuring to me.


One key to rule them all.
One key to sign them.
One key to trust them all
and in the servers bind them.
In the valley of silicon where the earthquakes are.

Joe Smith

I read that outside the building the key signing groupies were screaming the whole time.

RPM Internet Dose

internets key people.