PKI past, present and future

  • Special Issue Paper
International Journal of Information Security

Abstract

This paper discusses some design and management issues in running an open PKI, based on the experience gained in the day-by-day operation of the EuroPKI infrastructure. The problems are discussed from a historical perspective that includes real-life lessons learnt in EuroPKI about certification practices, services and applications. User-reported problems are also discussed to identify problems that hamper large-scale adoption of public-key certificates. The article closes with a general outlook for the field and a description of the future EuroPKI plans.

Author information

Corresponding author

Correspondence to Antonio Lioy.

About this article

Cite this article

Lioy, A., Marian, M., Moltchanova, N. et al. PKI past, present and future. Int. J. Inf. Secur. 5, 18–29 (2006). https://doi.org/10.1007/s10207-005-0077-9

  • DOI: https://doi.org/10.1007/s10207-005-0077-9
