New models for the management of public key infrastructure and root certification authorities
Public key infrastructure (PKI) has been discussed for some time but has yet to command much attention from business or policy makers. The benefits of chaining certificate authorities (CAs) together have not been obvious and confusion has reigned over the proper role of government. But a new PKI model emphasises control and audit, so that certificates may be issued to different user groups under their own rules, with external assurance of fitness for purpose. This type of model is supported by existing standards certification and accreditation processes. No special new authorities are needed and complex cross-certification protocols are avoided. Other advantages of an accreditation-based PKI include a non-government peak authority, an opt-in, bottom-up growth path, easily understood business language for all the elements of the PKI, and clarification of the legal liability of all CAs, in particular the peak authority.