A search engine for the global PKI
© The Brazilian Computer Society 2010
Received: 24 December 2009
Accepted: 24 June 2010
Published: 27 July 2010
Today the public key technology enjoys wide acceptance and use. Countless network protocols and applications use it to guarantee strong authentication and privacy. Usability and maintainability of this technology remains problematic, however. It is still very cumbersome and time-consuming to set up an enterprise Public Key Infrastructure (PKI) that has relationships with external parties. The emergence of PKI bridges, while solving one set of problems, created a new one: management of distributed trust became much more difficult. Complexity of the global PKI mesh and its decentralized nature created a need for a service with a unified view of the global PKI. In this paper we propose a PKI search engine that can provide such a service. The engine supports facilities for certificate and certificate revocation list (CRL) discovery, testing and troubleshooting of extra-enterprise PKIs, certificate revocation status lookup, certification path construction and validation, all based on the Internet-mined and user-registered information.