The sorry state of certificate revocation

admin

As much as I love PKI (public key infrastructure) and the mathematical security it can provide, it’s usually horribly implemented in the real world.

If done right, like the inventors intended, it would be darn near perfect. It’s mostly broken because admins don’t deploy it right, software doesn’t enforce what needs to be enforced, and users pretty much bypass any PKI warning, resulting in untold downloads of who knows how much malware.

One of the biggest problems with PKI is something most users don’t think about: the broken certificate revocation process. Digital certificates are supposed to be revoked when their private keys become compromised or for some other reason shouldn’t be trusted or used, as determined by the CA (certification authority) that issued the certificate. A revoked certificate is supposed to be the same as no certificate.


Source: Latest Web Security News
