Public Key Infrastructure Security and Interoperability Testing and Evaluation

Job Asheri Chaula, Louise Yngström, Stewart Kowalski


Public Key Infrastructures (PKIs) are currently being deployed in increasing sizes, numbers, fast changing technologies, and varying environments but our operational experience to date has been limited to a relatively small scale and small number of environments. Consequently, some open technical and environmental interoperability problems about the ways in which PKIs will be organized and operated in large-scale applications need to be addressed. For instance, (1) Non interoperable proprietary vendorprovided public key infrastructures (2) the distribution of revocation information which has serious security implications and the disadvantage to be very costly when running large scale PKI. This paper introduces the concept of security testing and evaluation to maximize PKI application security as a basis for PKI systems interoperability.