What is public trust?
Public trust on the internet is crucial to the acceptance and adoption of new technologies and in engaging in online transactions. According to Pew Research trust is a social, economic and political binding agent. However, only 48% of respondents believe that trust for the internet will increase in the next decade.
As it relates to Public Key Infrastructure, or PKI, publicly issued digital certificates are used on publicly facing websites. The public can review the digital certificate in a web browser to determine if the website is authentic and the website owner is legitimate. Many websites that collect personal information are trusted by the public to secure their data. In addition, public certificates are audited and logged in Certificate Transparency Logs (CT logs) to upkeep public trust.
What is private PKI or private trust?
Private trust related to Public Key Infrastructure, or PKI, involves private digital certificates issued by a private root from a Certificate Authority for a specific organization or company.
Organizations that set up a private root have more control over certificate profiles and subjects named in the certificate. In addition, setting up a dedicated private root ensures that only your team can issue certificates from that root.
Why are public and private trust both important?
Public and private trust are both important because they are both needed for PKI, or public key infrastructure. Publicly trusted websites require public trust because they are accessible to the public for interactions and transactions. In contrast, internal organizational websites and servers only require private trust because they are not accessible by everyone.