This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Not Reinventing PKI until We Have Something Better
September/October 2011 (vol. 15 no. 5)
pp. 95-98
Stephen Farrell, Trinity College Dublin

Although X.509-based PKI has some well-known problems, they're being, or can be, addressed. In the past, those problems led to proposals for reinventing PKI based on other technologies. However, none of the proposals provided sufficient additional benefit to gain broad adoption. While there are reasons to change and evolve X.509-based PKI, for the present there are no compelling reasons to reinvent the technology.

1. D. Cooper et al., Internet X.509 Public-Key Infrastructure Certificate and Cer-tificate Revocation List (CRL) Profile, IETF RFC 5280, May 2008; www.ietf.org/rfcrfc5280.txt.
2. P. Hallam-Baker, "The Recent RA Com-promise," blog, 23 Mar. 2011, http://blogs.comodo.com/it-security/data-security the-recent-ra-compromise/.
3. J. Callas et al., OpenPGP Message Format, IETF RFC 4880, Nov. 2007; www.ietf.org/rfcrfc4880.txt.
4. C. Ellison et al., SPKI Certificate Theory, IETF RFC 2693, Sept. 1999; www.ietf.org/rfcrfc2693.txt.
5. P. Hallam-Baker and S. Mysore, XML Key Management Specification (XKMS 2.0), W3C recommendation, June 2005; www.w3.org/TRxkms2/.
6. R. Arends et al., DNS Security Introduction and Requirements, IEFT RFC 4033, Mar. 2005; www.ietf.org/rfcrfc4033.txt.

Index Terms:
PKI, reinvention, X.509, Internet security
Citation:
Stephen Farrell, "Not Reinventing PKI until We Have Something Better," IEEE Internet Computing, vol. 15, no. 5, pp. 95-98, Sept.-Oct. 2011, doi:10.1109/MIC.2011.120
Usage of this product signifies your acceptance of the Terms of Use.