Open Access

A search engine for the global PKI

Journal of Internet Services and Applications20101:9

https://doi.org/10.1007/s13174-010-0009-4

Received: 24 December 2009

Accepted: 24 June 2010

Published: 27 July 2010

Abstract

Today the public key technology enjoys wide acceptance and use. Countless network protocols and applications use it to guarantee strong authentication and privacy. Usability and maintainability of this technology remains problematic, however. It is still very cumbersome and time-consuming to set up an enterprise Public Key Infrastructure (PKI) that has relationships with external parties. The emergence of PKI bridges, while solving one set of problems, created a new one: management of distributed trust became much more difficult. Complexity of the global PKI mesh and its decentralized nature created a need for a service with a unified view of the global PKI. In this paper we propose a PKI search engine that can provide such a service. The engine supports facilities for certificate and certificate revocation list (CRL) discovery, testing and troubleshooting of extra-enterprise PKIs, certificate revocation status lookup, certification path construction and validation, all based on the Internet-mined and user-registered information.

Keywords

Public Key InfrastructurePKI meshX.509 certificateCertification authorityCertification path discovery and validationCertificate discovery