ECIS
2001

The Fundamental Inadequacies of Conventional Public Key Infrastructure

It has been conventional wisdom that, for e-commerce to fulfil its potential, each party to a transaction must be confident about the identity of the others. Digital signature technology, based on public key cryptography, has been claimed to be an appropriate means of achieving this aim. Digital signatures do little, however, unless a substantial 'public key infrastructure' (PKI) is in place, such that parties know what is being authenticated and what level of assurance is provided. Conventional PKI, built around the ISO standard X.509, has been, and will continue to be, a substantial failure. This paper examines conventional X.509v3-based PKI architecture and identifies key deficiencies, including its inherently hierarchical and authoritarian nature, its unreasonable presumptions about the security of private keys, a range of other technical and implementation defects, confusion about what it is that a certificate actually provides assurance about, and its inherent privacy-invasi...
Roger Clarke
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2001
Where ECIS
Authors Roger Clarke