Public key infrastructure
In cryptography, a PKI is an
arrangement that binds public keys
with respective identities of entities
(like people and organizations). The
binding is established through a
process of registration and issuance of
certificates at and by a certificate
authority (CA). Depending on the
assurance level of the binding, this may
be carried out by an automated
process or under human supervision.
Methods of certification
Broadly speaking, there have
traditionally been three approaches to
getting this trust: certificate authorities
(CAs), web of trust (WoT), and simple
public key infrastructure (SPKI).
Certificate authorities
Web of trust
Blockchain-based PKI
History
Developments in PKI occurred in the
early 1970s at the British intelligence
agency GCHQ, where James Ellis,
Clifford Cocks and others made
important discoveries related to
encryption algorithms and key
distribution.[16] However, as
developments at GCHQ are highly
classified, the results of this work were
kept secret and not publicly
acknowledged until the mid-1990s.
Uses
PKIs of one type or another, and from
any of several vendors, have many
uses, including providing public keys
and bindings to user identities which
are used for:
Open source implementations
OpenSSL is the simplest form of CA
and tool for PKI. It is a toolkit,
developed in C, that is included in all
major Linux distributions, and can be
used both to build your own (simple)
CA and to PKI-enable applications.
(Apache licensed)
EJBCA is a full featured, Enterprise
grade, CA implementation developed
in Java. It can be used to set up a CA
both for internal use and as a
service. (LGPL licensed)
OpenCA is a full featured CA
implementation using a number of
different tools. OpenCA uses
OpenSSL for the underlying PKI
operations.
XCA is a graphical interface, and
database. XCA uses OpenSSL for the
underlying PKI operations.
(Discontinued) TinyCA was a
graphical interface for OpenSSL.
XiPKI,[19] CA and OCSP responder.
With SHA3 support, OSGi-based
(Java).
IoT_pki is a simple PKI built using
the Python cryptography library.
DogTag is a full featured CA
developed and maintained as part of
the Fedora Project.
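The OpenSSL entry above notes that the toolkit can be used to build a simple CA. The script below is an added example, not part of the original article or of the OpenSSL project: it creates a root CA, registers and issues one certificate, and shows that the resulting binding verifies only under the CA that issued it. The names Example Root CA, Unrelated CA and www.example.test, the lifetimes and the temporary directory are assumptions made for illustration.

```sh
# Added example: throwaway CA; all names, lifetimes and paths are constructed.
PKI_DIR=$(mktemp -d)

# Own minimal config, so the result does not depend on the system openssl.cnf.
cat > "$PKI_DIR/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:www.example.test
EOF

# make_ca NAME CN: self-signed root certificate, i.e. a trust anchor.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$PKI_DIR/pki.cnf" -extensions ca_ext -subj "/CN=$2" \
        -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.crt" 2>/dev/null
}
# issue_leaf CA_NAME CN: registration (CSR), then issuance signed by the CA key.
issue_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$PKI_DIR/pki.cnf" \
        -subj "/CN=$2" -keyout "$PKI_DIR/leaf.key" \
        -out "$PKI_DIR/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$PKI_DIR/leaf.csr" -sha256 -days 7 \
        -CA "$PKI_DIR/$1.crt" -CAkey "$PKI_DIR/$1.key" -CAcreateserial \
        -extfile "$PKI_DIR/pki.cnf" -extensions leaf_ext \
        -out "$PKI_DIR/leaf.crt" 2>/dev/null
}
# verify_leaf CA_NAME: status 0 only if leaf.crt chains to that CA's certificate.
# -no-CApath keeps the system CA directory out of the decision.
verify_leaf() {
    openssl verify -no-CApath -CAfile "$PKI_DIR/$1.crt" "$PKI_DIR/leaf.crt" >/dev/null 2>&1
}
# binding: print the subject and issuer names the certificate carries.
binding() {
    openssl x509 -in "$PKI_DIR/leaf.crt" -noout -subject -issuer -nameopt RFC2253
}

make_ca root "Example Root CA"
make_ca other "Unrelated CA"
issue_leaf root "www.example.test"
binding
verify_leaf root && echo "accepted under Example Root CA"
verify_leaf other || echo "rejected under Unrelated CA"
```

The private keys here are written unencrypted (-nodes) into a temporary directory, which suits a demonstration only.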
Criticism
Some argue that purchasing
certificates for securing websites by
SSL and securing software by code
signing is a costly venture for small
businesses.[20] However, the
emergence of free alternatives such as
Let's Encrypt has changed this.
Presently Symantec holds a major
share of the PKI certificate market,
having sold one third of all certificates
issued globally in 2013.[21] HTTP/2, the
latest version of the HTTP protocol,
allows unsecured connections in theory;
in practice, major browser companies
have made it clear that they would
support this state-of-the-art protocol
only over a PKI-secured TLS
connection.[22] Web browser
implementations of HTTP/2, including
Edge from Microsoft, Chrome from
Google, Firefox from Mozilla, and Opera,
support HTTP/2 only over TLS, using
the ALPN extension of the TLS protocol.
This would mean that, to get the speed
benefits of HTTP/2, website owners
would be forced to purchase SSL
certificates controlled by corporations
such as Symantec.
See also
Certificate-Less Authenticated
Encryption
References
1. "What is a Public Key Infrastructure - A Simple Overview, April 17, 2015".
2. "An Overview of Public Key Infrastructures (PKI)". Techotopia. Retrieved 26 March 2015.
3. "Public Key Infrastructure". MSDN. Retrieved 26 March 2015.
4. Adams, Carlisle & Lloyd, Steve (2003). Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional. pp. 11–15. ISBN 978-0-672-32391-1.
5. Trček, Denis (2006). Managing information systems security and privacy. Birkhauser. p. 69. ISBN 978-3-540-28103-0.
6. Vacca, John R. (2004). Public key infrastructure: building trusted applications and Web services. CRC Press. p. 8. ISBN 978-0-8493-0822-2.
7. Viega, John et al. (2002). Network Security with OpenSSL. O'Reilly Media. pp. 61–62. ISBN 978-0-596-00270-1.
8. McKinley, Barton (January 17, 2001). "The ABCs of PKI: Decrypting the complex task of setting up a public key infrastructure". Network World.
9. Al-Janabi, Sufyan T. Faraj et al. (2012). "Combining Mediated and Identity-Based Cryptography for Securing Email". In Ariwa, Ezendu et al. Digital Enterprise and Information Systems: International Conference, Deis, [...] Proceedings. Springer. pp. 2–3.
10. "Mike Meyers CompTIA Security+ Certification Passport", by T. J. Samuelle, p. 137.
11. Henry, William (4 March 2016). "Trusted Third Party Service".
12. http://news.netcraft.com/archives/2015/05/13/counting-ssl-certificates.html
13. Single Sign-On Technology for SAP Enterprises: What does SAP have to say? "Archived copy". Archived from the original on 2011-07-16. Retrieved 2010-05-25.
14. "Public Key Infrastructure" (PDF). saylor. Retrieved 2016-08-29.
15. Ed Gerck, Overview of Certification Systems: x.509, CA, PGP and SKIP, in The Black Hat Briefings '99, http://www.securitytechnet.com/resource/rsc-center/presentation/black/vegas99/certover.pdf and http://mcwg.org/mcg-mirror/cert.htm
16. Ellis J. H., January 1970, The Possibility of Secure Non-Secret Digital Encryption. Archived 2014-10-30 at the Wayback Machine.
17. Stephen Wilson, December 2005, "The importance of PKI today". Archived 2010-11-22 at the Wayback Machine. China Communications. Retrieved on 2010-12-13.
18. Mark Gasson, Martin Meints, Kevin Warwick (2005), D3.2: A study on PKI and biometrics, FIDIS deliverable (3)2, July 2005.
19. "xipki/xipki · GitHub". Github.com. Retrieved 2016-10-17.
20. Should We Abandon Digital Certificates, Or Learn to Use Them Effectively?, Forbes magazine.
21. SSL statistics. Statistics report collected by Netcraft, an internet service company in UK.
22. HTTP/2 Frequently Asked Questions. From Github HTTP/2 wiki.
23. "Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing". Microsoft. March 23, 2011. Retrieved 2011-03-24.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Public_key_infrastructure&oldid=829239349"