Public Key Infrastructures (PKIs) were developed to address the key distribution problem of asymmetric cryptography. Certificates bind an identity to a public key and are signed by a trustworthy entity, called the issuer. Although seemingly a simple concept, the setup of a PKI is not an easy task at all. Trustworthy issuers need to be guaranteed, and certificates must be issued conforming to certain standards. A correct deployment is needed to ensure the PKI is usable for the parties that rely on it. Some PKIs, like the important X.509 PKI for TLS, were criticised from early on for being poor examples with respect to these aspects. The objective of this thesis is to provide a sound analysis of important PKIs and to analyse proposals for improvements for one of them, X.509.
|Award date||5 May 2014|
|Publication status||Published - 2014|