Stephen Kent's "Challenges to PKI Deployment"

Challenges to PKI Deployment 


Stephen Kent

Chief Scientist - BBN Technologies

Co-chair: PKIX WG - IETF

Presentation to the Asia PKI Forum, Shanghai China, July 2004.

Excellent expose of some of the traditional problems CAs got themselves into with one size fits all certificates.  From Kent's slides:


"Most PKIs focus on identifying entities (users, devices, etc.)  as a basis for machine enforced authorization or for human value judgments (“do I trust e-mail from him?”). Thus CAs emphasize the procedures they use to verify the identity of certificate subjects.

"For big CAs, there is an implicit assumption that a single certificate is all that a user should need. This assumes that one identity is sufficient for all applications, which contradicts experience."






Stephen Kent 2004 (4)Challenge.ppt335.5 KB Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I