I visited Redmond at the end of March, and while there we were discussing certificates and PKI. Nick, a recent Lync Microsoft Certified Master (MCM), was sharing how he explained how certificate authorities worked, and he gave me permission to post on his behalf.
Here is Nick sharing his wisdom:
Think of PKI like the mafia; it's a big bunch of old-boys who know each other. One vouches for another... "this guy is a friend of ours". In this case, the guy being vouched for was being vouched for by some unknown capo from some other family.
TomL LCSKid – Nick trusts me, so can you