Common PKI Problems

I can’t go into all the wonderful things about PKI without discussing some of the downsides. Most of these problems stem from the fact that there is no “standard” PKI implementation, which leads to compatibility issues between products. Other problems have to do with user awareness. Most people would not know that they were dealing with a PKI system if it crept up and bit them on the nose. Users are not familiar with how to interact with these systems, which are generally not very user-friendly.

Here are some of the basic problems with PKI systems:

  • Not all applications accept the same Digital Certificates.

  • Not all applications are built to accept Digital Certificates at all.

  • Digital Certificates can be forged.

  • People generally don’t know how to tell the difference between a good (trusted) certificate and one they shouldn’t trust.

  • The user interface for Digital Certificates is poor.

  • If the Certificate Authority’s security is poor, you can’t trust their certificates.

  • It’s difficult to tell which Digital Certificate belongs to which person, especially if the person has a common name.

  • When a Digital Certificate is no longer valid (revoked), not all key servers are updated with this information.

  • If you lose your passphrase for your Digital Certificate, it’s difficult or impossible to either use your keys again or remove them from the key servers.

  • If you lose your keys (hard drive crash or lost floppy disk), you can’t always recover the lost keys.

  • Setting up and maintaining a PKI system is very labor-intensive and complex. It is not something that just anyone can do.

Actually, I could add another 15 or 20 problems to the list, but they would all be variations of the themes mentioned above. Although several vendors offer complete PKI solutions, they don’t necessarily promise that their solution will work with other companies’ solutions. So, if your company goes with Vendor A to install a system and your biggest client goes with Vendor X, there’s no guarantee that your two systems will be able to talk to one another securely.

Given all the problems stated, I must explain that many of the problems come from improperly configured PKI systems. When a PKI system is 100% correct in its setup, most of these problems are resolved. The fact remains, however, that we humans are prone to making mistakes with computers, so PKI systems often have mistakes in their configuration. Your best bet is to deal with professionals and ask them to explain how your setup resolves or removes some of the major problems that I’ve stated.

After you’ve initiated a PKI system you must remember to tell your staff how to use it properly. If they don’t know how it works, they won’t understand the problems. Getting your users to interact with the system appropriately will also go a long way in resolving some of the PKI drawbacks.
