Talk:Public key infrastructure

Example of Use

There should be a statement of use in the summary statement. It would be even better if there was an example of use given in the summary. Stephen Charles Thompson (talk) 00:33, 26 October 2008 (UTC)

should there be some examples of use outside strict computer-computer communication? - eg electronic passports are signed for verification purposes-- http://www.dfat.gov.au/dept/passports/ and the australian passport uses encryption in 2 ways, 1 to sign the info on there (so you know its a genuine passport) and the other is a written internal key which is needed to decode the rfid data from the chip in the card. 130.102.0.171 (talk) 02:01, 3 February 2009 (UTC)

Diagrams

• Add some diagrams, maybe something like [1], [2], [3]?

If you wish, you may use the material at [4] for this - we've tried to make it "non-sales" literature, and we can grant use of it to Wikipedia. - Ppatters 19:55, 31 December 2006 (UTC)

Ppatters, you have to release those materials to the public domain then upload it. Stephen Charles Thompson (talk) 00:36, 26 October 2008 (UTC)

It occurs to me that some vendor references might be pertinent, i.e., PKI Innovations Inc. (http://www.pk3i.com).

---

Matt, The use of computing that you cut was the result of some cogitation. I was trying to make clear in the wording that there are multiple uses, not merely in overt crypto or overt computer security. PKIs are hidden from view in many contexts and not all of them are either. For instance, copyright protection is commercial and would use squirrels if there were any prospect of it working. That it uses (or misuses, misapplies, goofs badly, ...) crypto, and claims to be a computer security issue is another thing altogether. The point was worth making, though perhaps it was made too covertly. Have you a suggestion? ww 19:50, 14 Jul 2004 (UTC)

The real purpose of putting "In field F, ..." at the start of articles is to provide the reader with some context about what general domain he's reading about. If the clause is too wordy, then I think it lessens the usefulness. — Matt 20:04, 14 Jul 2004 (UTC)

---

If PKIX is to be merged with anything, it needs to be merged with X.509 not Public_key_infrastructure, because X.509 is a subset of Public_key_infrastructure and PKIX is related entirely to the subset rather than the set. Stuartyeates 07:10, 30 May 2006 (UTC)

---

added external link

I added a link to a FAQ at Entrust website, which presents a useful overview of a PKI. At least I appreciated it as an engineering student, it doesn't have the purpose of advertise a company instead of one another (by the way, I know nothing about their products). carlo —Preceding unsigned comment added by 83.184.183.81 (talk • contribs) 08:24, 26 June 2006

diagram

Diagram has no description, RA and VA are not referenced in the article. Also the order of arrows would be unclear to novice reader. Maybe someone could help? Gryszkalis 11:21, 20 October 2007 (UTC)

Here is a german version of the diagram with editable texts. --Bananenfalter (talk) 19:18, 15 June 2012 (UTC)

Plagiarism?

Do slides 14-17 from the following URL seem awfully familiar when reading the "PKI Software" section of this article?

http://ocw.kfupm.edu.sa/user062/CSE55101/KeyM.pdf

What is the usual course of action in this case?

Also, I think some of these products do not exist anymore (e.g. CyberTrust TrustedCA)...or never existed.

Karl Wiegand (talk) 00:56, 27 December 2007 (UTC)

Well, it's not clear which cis original. I would suspect the slides are preped from the wikipedia page though, as the section was added 1st March 2007, nearly 3 months before the slides are dated. RobbieAB (talk) 02:51, 2 April 2008 (UTC)aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

"bind" should be more prominent.

Over the past year, when trying to explain digital security and digital certificates, I've found people stumble until they grasp the concept of BINDING a digital certificate to a person's identity. This article makes the point very early, which is good, but I think you should make it much more emphatically. ie bold, linked to a detailed explanation, etc.

Richard. —Preceding unsigned comment added by Richardh9935 (talk • contribs) 01:41, 2 July 2008 (UTC)

'VA' ?

In the diagram on the page is an object called 'VA', but this term is not explained or referenced to in the main text. 77.63.71.8 (talk) 10:52, 20 October 2008 (UTC)

---

It probably stands for Validation Authority AH, S+

A Question

Hi. Do you know any free, gpl or open source software, for Windows XP or platform-independent, that shows me all the certificates installed on my machine, in something like a "who-certificates-whom" (certificate dependencies) graphical tree?

(Or, in case you don't know any software like this, do you know any good source or site where I could ask?)

Thank you very much. --Faustnh (talk) 16:16, 28 March 2009 (UTC)

Simplified Intro

As a result of feedback from Skippydo I have simplified the opening (introductory) section. It now contains only a statement of the problem and an un-jargon-ized context statement. I think this goes some way toward reducing the problem of examples of use, since the goal of any encyclopedia article is to reach a wide audience, which I take to be the real reason for examples.

Diagrams likewise. I've left the dia in, even though it's not well integrated, since it helps a wide audience. You don't have to understand a dia completely to get some help from it.

I've removed the word 'bind' although not the idea. 'Bind' is in vogue right now, and therefore, it has acquired a variety of metaphorical meanings: map, instantiate, allocate, control. I thought it better to explain in plain English.

I created a section for the CA approach to authentication. Hopefully, new material on that topic will be put there. Akurn (talk) 21:32, 16 October 2009 (UTC)

In my opinion, you have completely trashed the intro. PK cryptography enables secure communication between systems as well as individuals; it provides security without regard to whether there is actually an attacker or not. NO SUPPORT IS NEEDED??? Please explain how you expect to revoke a compromised key? The article title is 'Public Key Infrastructure' and should talk about the infrastructure. The intro was fine like it was. Please fix these deficiencies or revert.Jarhed (talk) 08:09, 30 October 2009 (UTC)

Not only for users

• Reading your introduction gives the feeling that a user identity refers only to a person as digital certificates are meant for wider usage.
• The Validation Authority (VA) is still not referred

Clark Gabler / March 2011 —Preceding unsigned comment added by 212.23.234.250 (talk) 15:08, 4 March 2011 (UTC)

If a digital cert can be issued to a corporate entity, that needs to be described in the article.Jarhed (talk) 23:00, 15 June 2011 (UTC)

File:Public-Key-Infrastructure.svg needs a do-over

Can we please get something a little less hokey? 209.217.100.70 (talk) 17:26, 23 April 2012 (UTC)

Maybe something from the Bananenfalter (who did such excellent work as commons:Category:Orange_blue_cryptography_diagrams 209.217.100.70 (talk) 17:29, 23 April 2012 (UTC)

Took me some time, but now it’s done. See the category mentioned above. --Bananenfalter (talk) 19:20, 15 June 2012 (UTC)

PKA redirects here and I believe that's incorrect

PKA (Public Key Authentication) is related to PKI, but lacks certificates or an Infrastructure for validating certificates. I see that PKA can also be an acronym for Public Key Authority, which may be another name for PKI, but that should be made clear on the disambiguation page.

I'm not bold enough to edit the articles at this point, because I admit I might be right about some of these issues. JordanHenderson (talk) 14:00, 17 September 2012 (UTC)

You mean PKA? If so, add as many additional entries as you feel is necessary. What you say makes sense and I don't see that anyone would object. Skippydo (talk) 04:33, 18 September 2012 (UTC)

I've changed the disambiguation link target to the more appropriate public-key cryptography, within which the concept Public Key Authentication lives more comfortably. I'm not convinced that the term Public Key Authority is notable. — Quondum 06:38, 18 September 2012 (UTC)

[Citation needed]

While reading this article I got crazy by all the templates "citation needed". The footnotes distract terribly from the text and are completely useless for the reader. What is the reader supposed to do the with this info? Not believe the marked paragraph? But why would (s)he bother to read it then? The templates should be used sparingly: only when a surprising statement without proper foundation is made. Also, the template text should be much less obtrusive. --P.wormer (talk) 08:29, 3 January 2014 (UTC)

The article contains many claims which need in-line citations of reliable sources. Could you please help by adding a few? For the History section, I replaced all distracting {{citation needed}} templates with an {{unreferenced}} to reduce distraction. I also moved {{refimprove}} from the references section to the top of the article. The Yeti 09:10, 3 January 2014 (UTC)

Market Share

Is a section on market share really relevant to this topic? Sounds more like advertising for Symantec.

Interestingly, almost the same paragraph appears here: https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_Authorities, where it is equally questionable.

External links modified (January 2018)

Hello fellow Wikipedians,

I have just modified 3 external links on Public key infrastructure. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20110716031415/http://www.secude.com/html/?id=1890 to http://www.secude.com/html/?id=1890
• Added archive https://web.archive.org/web/20141030210530/https://cryptocellar.web.cern.ch/cryptocellar/cesg/possnse.pdf to http://cryptocellar.web.cern.ch/cryptocellar/cesg/possnse.pdf
• Added archive https://web.archive.org/web/20101122134646/http://www.china-cic.org.cn/english/digital%20library/200512/3.pdf to http://www.china-cic.org.cn/english/digital%20library/200512/3.pdf

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 11:17, 20 January 2018 (UTC)

Question Relating to Criticism Section

I'm not quite sure I understand this statement, from the Criticism section of the article:

Current web browsers carry pre-installed intermediary certificates issued and signed by a Certificate Authority. This means browsers need to carry a large number of different certificate providers, increasing the risk of a key compromise.

Web browsers carry many certificates signed by many CAs. They don't carry the (private) keys with which the certificates are signed, so I don't know how those keys would risk being compromised. — Preceding unsigned comment added by Scottnch (talk • contribs) 17:42, 12 October 2018 (UTC)

One possible interpretation is that a certificate authority could be compromised, on a small or large scale. Their secret keys could be leaked by an insider (one hopes a CA would use hardware that prevents even insiders from seeing the actual values of the secret keys, but who knows)? Or, a government could force a CA to issue illegitimate certificates. Or, a CA could be careless in verifying the identity of those who apply for certificates. Jc3s5h (talk) 18:05, 12 October 2018 (UTC)

*the* PKI?

It seems to me that this article should be about the PKI using CA's etc. Does this have a name? is it OK to call it "*the* PKI"?. If that is the case, then I think that "Web of trust", "Simple public key infrastructure" and "Blockchain-based PKI" need to go under an "Alternatives" section.

Thoughts? - Snori (talk) 22:03, 26 December 2018 (UTC)

Blockchain

The blockchain section looks like a marketing page. The claim that blockchain is suited for public key distribution does not make sense. In theory a Public key can be broadcast on a billboard or the Internet, and technically it is almost the very first thing you get when you visit any https site (these days any site!). The fact that there are no references to this claim should flag it for removal. Or at least reword it to "Blockchain solutions have attempted to provide infrastructure to distribute public keys". Either way the world wide web has done a better job at distribution of public keys. Supcmd (talk) 13:04, 14 April 2020 (UTC)

Capabilities

The capabilities section regards capabilities of public key cryptography and not public key infrastructure. PKI is eventually about certification (and related topics, e.g., revocation). I propose removing this section. رهبرمعظم (talk) 14:23, 2 January 2024 (UTC)