PKI doesn't have to be perfect to be worthwhile

Experts say a simpler approach could still yield benefits for security: "PKI doesn't have to be perfect to be worthwhile
Experts say a simpler approach could still yield benefits for security
By William Jackson, GCN Staff

Nobody ever said implementing a public-key infrastructure would be easy, but a pair of experts at the 2006 International Conference on Network Security said last week that using PKI is often harder than it needs to be.

"We haven't been as successful as I wish we had been," said Bill Burr of the National Institute of Standards and Technology. "But I think we've been more successful than we get credit for."

PKI promises to be a pretty good way to authenticate users, sign documents electronically and secure data. It uses a pair of mathematically related encryption keys to secure data. One key is kept private while the other is made public, allowing communications between individuals without exchanging secret keys. Using a public key, messages can be sent that can only be read by someone possessing the corresponding private key. "