PKI past, present and future

  • Antonio Lioy
  • Marius Marian
  • Natalia Moltchanova
  • Massimiliano Pala
Special Issue Paper


This paper discusses some design and management issues in running an open PKI, based on the experience gained in the day-by-day operation of the EuroPKI infrastructure. The problems are discussed with an historical perspective that includes real-life lessons learnt in EuroPKI about certification practices, services and applications. User-reported problems are also discussed to identify problems that hamper large-scale adoption of public-key certificates. The article closes with a general outlook for the field and a description of the future EuroPKI plans.


Keywords: PKI, OCSP, Public-key certificates





Copyright information

© Springer-Verlag 2005

Authors and Affiliations

  • Antonio Lioy (1)
  • Marius Marian (1)
  • Natalia Moltchanova (1)
  • Massimiliano Pala (1)

  1. Dipartimento di Automatica e Informatica, Politecnico di Torino, Torino, Italy
