PKI (Public Key Infrastructure)
Radia Perlman, Sun Microsystems Laboratories
Security without Public Key Cryptography
Functional Comparison between Public Key– and Secret Key–Based Systems
Issues with Public Key Infrastructure
PKI is an acronym for “public key infrastructure.” This chapter discusses what that means and the challenges associated with providing this functionality.
If Bob believes Alice's public key is pubA, and Alice knows the private key associated with pubA, then Bob can use pubA to encrypt a message for Alice, or Alice can use the associated private key to prove to Bob that she is Alice (i.e., she can authenticate to Bob). The purpose of a PKI is to provide a convenient and secure method for obtaining the public key associated with some principal.
The basic idea is to have a trusted authority known as a CA (certification authority) digitally sign a message known as a certificate, thereby vouching that a particular key goes with a particular name. If Alice has been certified by the CA, Bob knows the CA's public key, Bob trusts that CA, and Bob receives Alice's certificate, then he can validate the CA's signature on that certificate and know Alice's public key. In the chapter about digital certificates in this volume, ...