Int. J. Inf. Secur. (2006) 5: 18–29 DOI 10.1007/s10207-005-0077-9 SPECIAL ISSUE PAPER Antonio Lioy · Marius Marian · Natalia Moltchanova · Massimiliano Pala PKI past, present and future Published online: 19 July 2005 c  Springer-Verlag 2005 Abstract This paper discusses some design and manage- ment issues in running an open PKI, based on the experi- ence gained in the day-by-day operation of the EuroPKI in- frastructure. The problems are discussed with an historical perspective that includes real-life lessons learnt in EuroPKI about certification practices, services and applications. User- reported problems are also discussed to identify problems that hamper large scale adoption of public-key certificates. The article closes with a general outlook for the field and the description of the future EuroPKI plans. Keywords PKI · OCSP · Public-key certificates 1 Introduction Ever since applications entered the Internet era, the need for secure authentication has been a major issue. In early 90’s asymmetric cryptography became an affordable technology for the computational power of the standard workstation and a lot of effort was devoted to support it by creating and man- aging public-key certificates (PKC) through public-key in- frastructures (PKIs). An example is the MIT’s PKI [34], ini- tially deployed in 1996. In the same year, on the other side of the Atlantic, another valuable experience moved its first steps as the EuroPKI infrastructure started its activities in 10 different European countries. After the initial period of hype, where it seemed that PKIs would radically change the security world, it soon be- came clear that a certificate was not a value in itself and applications were missing. In fact, the only widely avail- able applications were web authentication and secure e-mail. Therefore, the initial feeling that PKI technology would of- fer a solution to all authentication needs soon clashed with two problems: the lack of application support and the pres- ence of interoperability issues between separate PKI islands. A. Lioy (B ) · M. Marian · N. Moltchanova · M. Pala Politecnico di Torino, Dipartmento di Automatica e Informatica, Corso Duca degli Abruzzi 24, Torino, Italy E-mail: security@polito.it In fact, early deployments suffered from high complex- ity and high commercial costs. For all companies, but the largest ones, running a PKI internally was highly expen- sive and even buying certificates from third parties was an unbearable cost because a yearly per-certificate fee was re- quired. In turn, this suggested either to avoid PKI or to is- sue certificates only to servers and not to clients, which did not encourage application developers to use certificates for client authentication. As clearly shown from the failure of the Internet Pol- icy Registration Authority (IPRA) PKI interoperability is- sues are more related to political than technical problems. In some environments, the interoperability problems were seen as a feature, as they deployed ad-hoc closed infrastruc- tures where non-interoperability with other environments was seen as a benefit. In contrast, other more open groups studied different PKI trust models to achieve interoperabil- ity by using architectures supporting an acceptable type of political agreement (such as cross-certification or bridge). Due to these issues, PKI popularity in the real world diminished till recently, when the need for certificates has come back quite strongly, this time not originating from the top (the security managers) but from the bottom (the final users). In fact, the issuing of digital signature laws in sev- eral European countries and user-driven demand for strong authentication in open network environments is opening a new PKI era, that of national electronic identity cards, digi- tal signature of electronic documents, and network and mid- dleware authentication (e.g., support for IPsec, WiFi secu- rity and grid computation). Today, these topics are the real drivers for large scale certificate deployment. In this paper, we look at the past, present and future of the PKI field as observed from the EuroPKI perspective. The lessons learnt in designing and managing this infrastructure are reported and related to other experiences. Finally, we give a general outlook for the field and describe the future plans of EuroPKI. We want to emphasize that this is a practical paper. Some of the problems reported might look as solved to the super- ficial reader, or at those more acquainted with the theory