Problem 5: Public key infrastructure doesn’t exist

• In theory, public key eliminates the need for pre-agreement

  • public data establishes that endpoints hold corresponding secret
  • but how do we know a published public key is the “real” one?

• One answer: certificates

  • bind a public key to the name of its “owner”, signed by an “authority” with a well-known key

• Certificates help establish keyholder identity, if the right data are certified & the authority is trusted by the recipient

• Unfortunately, this requires a certification infrastructure

  • none exists yet, and current proposals aren’t very promising

Previous slide

Next slide

Back to first slide

View graphic version