Talk:Public key infrastructure

From Wikipedia, the free encyclopedia
To-do list for Public key infrastructure:

  • The diagram makes mention of «VA», but the actual wiki content does not. Can anyone fill this gap?

Example of Use

There should be a statement of use in the summary statement. It would be even better if there was an example of use given in the summary. Stephen Charles Thompson (talk) 00:33, 26 October 2008 (UTC)

Should there be some examples of use outside strict computer-computer communication? - e.g. electronic passports are signed for verification purposes -- and the Australian passport uses encryption in 2 ways, 1 to sign the info on there (so you know it's a genuine passport) and the other is a written internal key which is needed to decode the RFID data from the chip in the card. (talk) 02:01, 3 February 2009 (UTC)


  • Add some diagrams, maybe something like [1], [2], [3]?
If you wish, you may use the material at [4] for this - we've tried to make it "non-sales" literature, and we can grant use of it to Wikipedia. - Ppatters 19:55, 31 December 2006 (UTC)
Ppatters, you have to release those materials to the public domain then upload it. Stephen Charles Thompson (talk) 00:36, 26 October 2008 (UTC)


It occurs to me that some vendor references might be pertinent, i.e., PKI Innovations Inc. (


Matt, The use of computing that you cut was the result of some cogitation. I was trying to make clear in the wording that there are multiple uses, not merely in overt crypto or overt computer security. PKIs are hidden from view in many contexts and not all of them are either. For instance, copyright protection is commercial and would use squirrels if there were any prospect of it working. That it uses (or misuses, misapplies, goofs badly, ...) crypto, and claims to be a computer security issue is another thing altogether. The point was worth making, though perhaps it was made too covertly. Have you a suggestion? ww 19:50, 14 Jul 2004 (UTC)

The real purpose of putting "In field F, ..." at the start of articles is to provide the reader with some context about what general domain he's reading about. If the clause is too wordy, then I think it lessens the usefulness. — Matt 20:04, 14 Jul 2004 (UTC)


If PKIX is to be merged with anything, it needs to be merged with X.509 not Public_key_infrastructure, because X.509 is a subset of Public_key_infrastructure and PKIX is related entirely to the subset rather than the set. Stuartyeates 07:10, 30 May 2006 (UTC)


added external link

I added a link to a FAQ at the Entrust website, which presents a useful overview of a PKI. At least I appreciated it as an engineering student; it doesn't have the purpose of advertising one company over another (by the way, I know nothing about their products). carlo —Preceding unsigned comment added by (talkcontribs) 08:24, 26 June 2006


Diagram has no description, RA and VA are not referenced in the article. Also the order of arrows would be unclear to a novice reader. Maybe someone could help? Gryszkalis 11:21, 20 October 2007 (UTC)

Here is a German version of the diagram with editable texts. --Bananenfalter (talk) 19:18, 15 June 2012 (UTC)


Do slides 14-17 from the following URL seem awfully familiar when reading the "PKI Software" section of this article?

What is the usual course of action in this case?

Also, I think some of these products do not exist anymore (e.g. CyberTrust TrustedCA)...or never existed.

Karl Wiegand (talk) 00:56, 27 December 2007 (UTC)

Well, it's not clear which is original. I would suspect the slides are prepped from the Wikipedia page though, as the section was added 1st March 2007, nearly 3 months before the slides are dated. RobbieAB (talk) 02:51, 2 April 2008 (UTC)

"bind" should be more prominent.

Over the past year, when trying to explain digital security and digital certificates, I've found people stumble until they grasp the concept of BINDING a digital certificate to a person's identity. This article makes the point very early, which is good, but I think you should make it much more emphatically, i.e. bold, linked to a detailed explanation, etc.

Richard. —Preceding unsigned comment added by Richardh9935 (talkcontribs) 01:41, 2 July 2008 (UTC)

'VA' ?

In the diagram on the page is an object called 'VA', but this term is not explained or referenced in the main text. (talk) 10:52, 20 October 2008 (UTC)

It probably stands for Validation Authority AH, S+

A Question

Hi. Do you know any free, GPL or open source software, for Windows XP or platform-independent, that shows me all the certificates installed on my machine, in something like a "who-certificates-whom" (certificate dependencies) graphical tree?

(Or, in case you don't know any software like this, do you know any good source or site where I could ask?)

Thank you very much. --Faustnh (talk) 16:16, 28 March 2009 (UTC)

Simplified Intro

As a result of feedback from Skippydo I have simplified the opening (introductory) section. It now contains only a statement of the problem and an un-jargon-ized context statement. I think this goes some way toward reducing the problem of examples of use, since the goal of any encyclopedia article is to reach a wide audience, which I take to be the real reason for examples.

Diagrams likewise. I've left the dia in, even though it's not well integrated, since it helps a wide audience. You don't have to understand a dia completely to get some help from it.

I've removed the word 'bind' although not the idea. 'Bind' is in vogue right now, and therefore, it has acquired a variety of metaphorical meanings: map, instantiate, allocate, control. I thought it better to explain in plain English.

I created a section for the CA approach to authentication. Hopefully, new material on that topic will be put there. Akurn (talk) 21:32, 16 October 2009 (UTC)

In my opinion, you have completely trashed the intro. PK cryptography enables secure communication between systems as well as individuals; it provides security without regard to whether there is actually an attacker or not. NO SUPPORT IS NEEDED??? Please explain how you expect to revoke a compromised key? The article title is 'Public Key Infrastructure' and should talk about the infrastructure. The intro was fine like it was. Please fix these deficiencies or revert. Jarhed (talk) 08:09, 30 October 2009 (UTC)

Not only for users

  • Reading your introduction gives the feeling that a user identity refers only to a person as digital certificates are meant for wider usage.
  • The Validation Authority (VA) is still not referred to.

Clark Gabler / March 2011 —Preceding unsigned comment added by (talk) 15:08, 4 March 2011 (UTC)

If a digital cert can be issued to a corporate entity, that needs to be described in the article. Jarhed (talk) 23:00, 15 June 2011 (UTC)

File:Public-Key-Infrastructure.svg needs a do-over

Can we please get something a little less hokey? (talk) 17:26, 23 April 2012 (UTC)

Maybe something from the Bananenfalter (who did such excellent work as commons:Category:Orange_blue_cryptography_diagrams) (talk) 17:29, 23 April 2012 (UTC)

Took me some time, but now it’s done. See the category mentioned above. --Bananenfalter (talk) 19:20, 15 June 2012 (UTC)

PKA redirects here and I believe that's incorrect

PKA (Public Key Authentication) is related to PKI, but lacks certificates or an Infrastructure for validating certificates. I see that PKA can also be an acronym for Public Key Authority, which may be another name for PKI, but that should be made clear on the disambiguation page.

I'm not bold enough to edit the articles at this point, because I admit I might be right about some of these issues. JordanHenderson (talk) 14:00, 17 September 2012 (UTC)

You mean PKA? If so, add as many additional entries as you feel is necessary. What you say makes sense and I don't see that anyone would object. Skippydo (talk) 04:33, 18 September 2012 (UTC)
I've changed the disambiguation link target to the more appropriate public-key cryptography, within which the concept Public Key Authentication lives more comfortably. I'm not convinced that the term Public Key Authority is notable. — Quondum 06:38, 18 September 2012 (UTC)

[Citation needed]

While reading this article I got crazy by all the templates "citation needed". The footnotes distract terribly from the text and are completely useless for the reader. What is the reader supposed to do with this info? Not believe the marked paragraph? But why would (s)he bother to read it then? The templates should be used sparingly: only when a surprising statement without proper foundation is made. Also, the template text should be much less obtrusive. --P.wormer (talk) 08:29, 3 January 2014 (UTC)

The article contains many claims which need in-line citations of reliable sources. Could you please help by adding a few? For the History section, I replaced all distracting {{citation needed}} templates with an {{unreferenced}} to reduce distraction. I also moved {{refimprove}} from the references section to the top of the article. The Yeti 09:10, 3 January 2014 (UTC)

Market Share

Is a section on market share really relevant to this topic? Sounds more like advertising for Symantec.

Interestingly, almost the same paragraph appears here:, where it is equally questionable.

External links modified (January 2018)

Hello fellow Wikipedians,

I have just modified 3 external links on Public key infrastructure. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

Cheers.—InternetArchiveBot (Report bug) 11:17, 20 January 2018 (UTC)

Question Relating to Criticism Section

I'm not quite sure I understand this statement, from the Criticism section of the article:

Current web browsers carry pre-installed intermediary certificates issued and signed by a Certificate Authority. This means browsers need to carry a large number of different certificate providers, increasing the risk of a key compromise.

Web browsers carry many certificates signed by many CAs. They don't carry the (private) keys with which the certificates are signed, so I don't know how those keys would risk being compromised. — Preceding unsigned comment added by Scottnch (talkcontribs) 17:42, 12 October 2018 (UTC)

One possible interpretation is that a certificate authority could be compromised, on a small or large scale. Their secret keys could be leaked by an insider (one hopes a CA would use hardware that prevents even insiders from seeing the actual values of the secret keys, but who knows?). Or, a government could force a CA to issue illegitimate certificates. Or, a CA could be careless in verifying the identity of those who apply for certificates. Jc3s5h (talk) 18:05, 12 October 2018 (UTC)
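
The distinction discussed in this section, as an added example that is not part of the original discussion or of any browser's code: the trust store holds only public keys, yet validation accepts a certificate for any name from any CA in that store, so the exposure grows with the number of trusted CAs. Assumptions: the two CAs, their names and `bank.example` are constructed, and textbook RSA over Mersenne primes stands in for real X.509 signatures.

```python
import hashlib

E = 65537  # public exponent shared by the toy CAs

def make_ca(name, p, q):
    """Toy CA key pair (textbook RSA, illustration only, not secure)."""
    return {"name": name, "n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(subject, n):
    # Hash of the certified name, reduced into the CA's modulus
    return int.from_bytes(hashlib.sha256(subject.encode()).digest(), "big") % n

def issue(ca, subject):
    """Runs at the CA: the only step that needs the private exponent d."""
    sig = pow(digest(subject, ca["n"]), ca["d"], ca["n"])
    return {"subject": subject, "issuer": ca["name"], "sig": sig}

def trust_store(cas):
    """What the browser ships: issuer name -> public modulus, no private keys."""
    return {ca["name"]: ca["n"] for ca in cas}

def validate(cert, store, hostname):
    """Accept if the name matches and ANY trusted CA's public key verifies it."""
    n = store.get(cert["issuer"])
    if n is None or cert["subject"] != hostname:
        return False
    return pow(cert["sig"], E, n) == digest(cert["subject"], n)

# Constructed CAs; Mersenne primes are used because their primality is known.
CA_A = make_ca("Constructed CA A", 2**61 - 1, 2**89 - 1)
CA_B = make_ca("Constructed CA B", 2**107 - 1, 2**127 - 1)
STORE = trust_store([CA_A, CA_B])

def demo():
    legit = issue(CA_A, "bank.example")      # the CA the site actually uses
    misissued = issue(CA_B, "bank.example")  # careless, coerced or compromised CA
    return {
        "legit_accepted": validate(legit, STORE, "bank.example"),
        "misissued_accepted": validate(misissued, STORE, "bank.example"),
        # After CA B is removed from the store, its certificates stop validating
        "misissued_after_distrust": validate(
            misissued, trust_store([CA_A]), "bank.example"),
    }

if __name__ == "__main__":
    print(demo())
```
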