http://www.anu.edu.au/people/Roger.Clarke/II/PKIMisFit.html
Public Key Infrastructure: An Artifact Ill-Fitted to the Needs of the
Information Society
Abstract
It has been conventional wisdom that, for e-commerce to fulfill its
potential, each party to a transaction must be confident in the identity of
the others. Digital signature technology, based on public key cryptography,
has been claimed as the means whereby this can be achieved. Digital
signatures do little, however, unless a substantial infrastructure is in
place to provide a basis for believing that the signature means something
of significance to the relying party.
Conventional, hierarchical PKI, built around the ISO standard X.509, has
been, and will continue to be, a substantial failure. This paper examines
that form of PKI architecture, and concludes that it is a very poor fit to
the real needs of cyberspace participants. The reasons are its inherently
hierarchical and authoritarian nature, the unreasonable presumptions it
makes about the security of private keys, a range of other technical
defects, confusions about what it is that a certificate actually
authenticates, and its inherent privacy-invasiveness. Alternatives are
identified.
--
-----------------
R. A. Hettinga