Hybrid Trust Model

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Some organizations might find a pure rooted trust model too restrictive, because no single CA can serve as the root for all other CAs. At the same time, a pure network model can become prohibitively complex if too many different CAs are involved. If you use a hybrid approach, however, you can cross-certify only certain CAs and thus use the benefits of both the rooted and network trust models.