Problems Building a Public Key Infrastructure

Many people believe that a working public key infrastructure is a prerequisite for commerce on the World Wide Web: we disagree. Already, substantial commerce is occurring on the Internet based on old-style, easily forged credit cards, rather than high-tech digital signatures. Thus, the additional security offered by digital signatures may not be necessary if there is money to be made.

It is also not clear that the current vision of a public key infrastructure can even be built. Today’s vision calls for a system with multiple CAs and with thousands or millions of different users, each obtaining, invalidating, and discarding certificates and public keys as needed. For the past 20 years, the technology has really not been tested outside the lab except in very controlled environments.[34] In the following sections, we’ll look at the problems that must be faced in building a PKI.

Private Keys Are Not People

Digital signatures facilitate the proof of identity, but they are not proofs of identity by themselves. All they prove is that a person (or a program) signing the digital signature has access to a particular private key that happens to match a particular public key that happens to be signed by a particular CA. Unless the private key is randomly generated and stored in such a way that it can only be used by one individual, the entire process can be suspect.

Unfortunately, both of those processes depend on the security of the end user’s computer. ...

Get Web Security and Commerce now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.