, is that it can interoperate with a PKI CA fully trusted by all parties in a domain (such as an internal CA in a company) that is willing to guarantee certificates, as a trusted introducer. If the "web of trust" is completely trusted then, because of the nature of a web of trust, trusting one certificate is granting trust to all the certificates in that web. A PKI is only as valuable as the standards and practices that control the issuance of certificates, and including PGP or a personally instituted web of trust could significantly degrade the trustworthiness of that enterprise's or domain's implementation of PKI.
's RFC 3647 defines an RA as "An entity that is responsible for one or more of the following functions: the identification and authentication of certificate applicants, the approval or rejection of certificate applications, initiating certificate revocations or suspensions under certain circumstances, processing subscriber requests to revoke or suspend their certificates, and approving or rejecting requests by subscribers to renew or re-key their certificates. RAs, however, do not sign or issue certificates (i.e., an RA is delegated certain tasks on behalf of a CA)." While
is what is trusted, rather than the person. SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an "authorization loop" in SPKI terminology, where authorization is integral to its design. This type of PKI is especially useful for making integrations of PKI that do
Assurance that if an entity changed (tampered with) transmitted data in the slightest way, it would be obvious that this had happened, because the data's integrity would have been compromised. Often it is not of utmost importance to prevent integrity from being compromised (tamper-proof); however, it is of utmost importance
PKI vendors have found a market, but it is not quite the market envisioned in the mid-1990s, and it has grown both more slowly and in somewhat different ways than were anticipated. PKIs have not solved some of the problems they were expected to, and several major vendors have gone out of business or
before it was purchased by
Symantec) ever since survey began, with it currently accounting for just under a third of all certificates. To illustrate the effect of differing methodologies, amongst the million busiest sites Symantec issued 44% of the valid, trusted certificates in use — significantly
A certificate may be revoked before it expires, which signals that it is no longer valid. Without revocation, an attacker would be able to exploit such a compromised or mis-issued certificate until expiry. Hence, revocation is an important part of a public key infrastructure. Revocation is performed
Certificate
Services which enforces Microsoft Enterprise CA, and certificate policy through certificate templates and manages certificate enrollment (manual or auto-enrollment). In the case of Microsoft Standalone CAs, the function of RA does not exist since all of the procedures controlling the CA
may have referred to a subordinate CA as an RA, this is incorrect according to the X.509 PKI standards. RAs do not have the signing authority of a CA and only manage the vetting and provisioning of certificates. So in the
Microsoft PKI case, the RA functionality is provided either by the Microsoft
By the first few years of the 21st century, the underlying cryptographic engineering was clearly not easy to deploy correctly. Operating procedures (manual or automatic) were not easy to correctly design (nor even if so designed, to execute perfectly, which the engineering required). The standards
For distributing revocation information to clients, timeliness of the discovery of revocation (and hence the window for an attacker to exploit a compromised certificate) trades off against resource usage in querying revocation statuses and privacy concerns. If revocation information is unavailable
The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is
bound to a given user. This is done using the CA's own private key, so that trust in the user key relies on one's trust in the validity of the CA's key. When the CA is a third party separate from the user and the system, then it is called the
Registration Authority (RA), which may or may not be
When a key is known to be compromised, it could be fixed by revoking the certificate, but such a compromise is not easily detectable and can be a huge security breach. Browsers have to issue a security patch to revoke intermediary certificates issued by a compromised root certificate authority.
As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other
Assurance that every entity has certainty of what it is connecting to, or can evidence its legitimacy when connecting to a protected service. The former is termed server-side authentication - typically used when authenticating to a web server using a password. The latter is termed client-side
Assurance that no entity can maliciously or unwittingly view a payload in clear text. Data is encrypted to make it secret, such that even if it was read, it appears as gibberish. Perhaps the most common use of PKI for confidentiality purposes is in the context of
Transport Layer Security
and third-party attestations of those certificates. The singular term "web of trust" does not imply the existence of a single web of trust, or common point of trust, but rather one of any number of potentially disjoint "webs of trust". Examples of implementations of this approach are
). TLS is a capability underpinning the security of data in transit, i.e. during transmission. A classic example of TLS for confidentiality is when using an internet browser to log on to a service hosted on an internet-based website by entering a password.
(CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision. When done over a network, this requires using a secure certificate enrollment or certificate management protocol such as
PKI provides "trust services" - in plain terms trusting the actions or outputs of entities, be they people or computers. Trust service objectives respect one or more of the following capabilities: Confidentiality, Integrity and
Authenticity (CIA).
which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed.
and others made important discoveries related to encryption algorithms and key distribution. Because developments at GCHQ are highly classified, the results of this work were kept secret and not publicly acknowledged until the mid-1990s.
and its predecessors), a need became evident for ways in which users could securely communicate with each other, and as a further consequence of that, for ways in which users could be sure with whom they were actually interacting.
requires secure communication between mutually trusted devices. A public key infrastructure enables devices to obtain and renew X.509 certificates which are used to establish trust between devices and encrypt communications using
The enacted laws and regulations differed, there were technical and operational problems in converting PKI schemes into successful commercial operation, and progress has been much slower than pioneers had imagined it would be.
system. A single sign-on server will issue digital certificates into the client system, but never stores them. Users can execute programs, etc. with the temporary certificate. It is common to find this solution variety with
are based on the administration and access procedure associated with the system hosting the CA and the CA itself rather than Active
Directory. Most non-Microsoft commercial PKI solutions offer a stand-alone RA component.
(DIDs) eliminates dependence on centralized registries for identifiers as well as centralized certificate authorities for key management, which is the standard in hierarchical PKI. In cases where the DID registry is a
people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.
Vendors and entrepreneurs saw the possibility of a large market, started companies (or new projects at existing companies), and began to agitate for legal recognition and protection from liability. An
, the latest version of the HTTP protocol, allows unsecured connections in theory; in practice, major browser companies have made it clear that they would support this protocol only over a PKI-secured
Mobile signatures are electronic signatures that are created using a mobile device and rely on signature or certification services in a location independent telecommunication environment;
extension of the TLS protocol. This would mean that, to get the speed benefits of HTTP/2, website owners would be forced to purchase SSL/TLS certificates controlled by corporations.
); it included key establishment, server authentication (prior to v3, one-way only), and so on. A PKI structure was thus created for Web users/sites wishing secure communications.
Larisch, James; Choffnes, David; Levin, Dave; Maggs, Bruce M.; Mislove, Alan; Wilson, Christo (2017). "CRLite: A Scalable System for
Pushing All TLS Revocations to All Browsers".
with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a
Following major issues in how certificate issuing was managed, all major players gradually distrusted
Symantec-issued certificates, starting in 2017 and completing in 2021.
In this model of trust relationships, a CA is a trusted third party – trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.
Chung, Taejoong; Lok, Jay; Chandrasekaran, Balakrishnan; Choffnes, David; Levin, Dave; Maggs, Bruce M.; Mislove, Alan; Rula, John; Sullivan, Nick; Wilson, Christo (2018).
PKIs of one type or another, and from any of several vendors, have many uses, including providing public keys and bindings to user identities which are used for:
(TLS) certificates, states that "Although the global ecosystem is competitive, it is dominated by a handful of major CAs — three certificate authorities (
presents connection latency and privacy issues. Other schemes have been proposed but have not yet been successfully deployed to enable fail-hard checking.
separate from the CA. The key-to-user binding is established, depending on the level of assurance the binding has, by software or under human supervision.
being the first in 1995) and other jurisdictions throughout the world began to enact laws and adopt regulations. Consumer groups raised questions about
An alternative approach to the problem of public authentication of public key information is the web-of-trust scheme, which uses self-signed
and its rapid spread, the need for authentication and secure communication became still more acute. Commercial reasons alone (e.g.,
been acquired by others. PKI has had the most success in government implementations; the largest PKI implementation to date is the
) account for three-quarters of all issued certificates on public-facing web servers. The top spot has been held by Symantec (or
stating the PKI's requirements concerning its procedures. Its purpose is to allow outsiders to analyze the PKI's trustworthiness.
(RA). An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request. The
required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
. This means browsers need to carry a large number of different certificate providers, increasing the risk of a key compromise.
digital signatures for self-publication of public key information, it is relatively easy to implement one's own web of trust.
) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke
An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party
changed secure communications entirely. With the further development of high-speed digital electronic communications (the
authentication - sometimes used when authenticating using a smart card (hosting a digital certificate and private key).
, access, and liability considerations, which were more taken into consideration in some jurisdictions than in others.
not rely on third parties for certificate authorization, certificate information, etc.; a good example of this is an
technology project published an extensive analysis of some of the foreseeable legal aspects of PKI operations (see
, each entity can serve as its own root authority. This architecture is referred to as decentralized PKI (DPKI).
Smith, Trevor; Dickinson, Luke; Seamons, Kent (2020). "Let's Revoke: Scalable Global
Certificate Revocation".
Due to the cost of revocation checks and the availability impact from potentially-unreliable remote services,
Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
"Single Sign-On Technology for SAP Enterprises: What does SAP have to say? | May 2010 | SECUDE AG"
is the simplest form of CA and tool for PKI. It is a toolkit, developed in C, that is included in all major
(RA) which verifies the identity of entities requesting their digital certificates to be stored at the CA;
managing things like the access to stored certificates or the delivery of the certificates to be issued;
Ed Gerck, Overview of Certification Systems: x.509, CA, PGP and SKIP, in The Black Hat Briefings '99,
Another alternative, which does not deal with public authentication of public key information, is the
"Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework"
distributions, and can be used both to build your own (simple) CA and to PKI-enable applications. (
"JDK-8215012 : Release Note: Distrust TLS Server Certificates Anchored by Symantec Root CAs"
is a costly venture for small businesses. However, the emergence of free alternatives, such as
that if integrity is compromised there is clear evidence of it having done so (tamper evident).
The PKI role that may be delegated by a CA to assure valid and correct registration is called a
The European Union Agency for Cybersecurity (ENISA) :: Incident Response :: Glossary
XCA is a graphical interface, and database. XCA uses OpenSSL for the underlying PKI operations.
A public key infrastructure (PKI) is a system for the creation, storage, and distribution of
, the standardized specification of PGP). Because PGP and implementations allow the use of
http://www.securitytechnet.com/resource/rsc-center/presentation/black/vegas99/certover.pdf
Digital Enterprise and Information Systems: International Conference, Deis, Proceedings
"The ABCs of PKI: Decrypting the complex task of setting up a public key infrastructure"
Broadly speaking, there have traditionally been three approaches to getting this trust:
This approach involves a server that acts as an offline certificate authority within a
issued and signed by a certificate authority, by public keys certified by so-called
According to a Netcraft report from 2015, the industry standard for monitoring active
Developments in PKI occurred in the early 1970s at the British intelligence agency
"Mike Meyers CompTIA Security+ Certification Passport", by T. J. Samuelle, p. 137.
Vault tool for securely managing secrets (TLS certificates included) developed by
(SPKI) that grew out of three independent efforts to overcome the complexities of
Assorted cryptographic protocols were invented and analyzed within which the new
limit the revocation checks they will perform, and will fail-soft where they do.
on an insecure public network, and reliably verify the identity of an entity via
"Using Client-Certificate based authentication with NGINX on Ubuntu - SSLTrust"
(CA). Moreover, PKI is itself often used as a synonym for a CA implementation.
"Should We Abandon Digital Certificates, Or Learn to Use Them Effectively?"
Single Sign-On Technology for SAP Enterprises: What does SAP have to say?
Public key infrastructure: building trusted applications and Web services
. It can be used to set up a CA both for internal use and as a service. (
and treat it as unrevoked (and allow attackers to sidestep revocation).
"Combining Mediated and Identity-Based Cryptography for Securing Email"
's web of trust. SPKI does not associate users with persons, since the
Sheffer, Yaron; Saint-Andre, Pierre; Fossati, Thomas (November 2022).
Currently the majority of web browsers are shipped with pre-installed
(either due to accident or an attack), clients must decide whether to
Understanding PKI: concepts, standards, and deployment considerations
DogTag is a full featured CA developed and maintained as part of the
is a full-featured, enterprise-grade, CA implementation developed in
—i.e., public key—methods, whereas actual communication uses faster
Proceedings 2020 Network and Distributed System Security Symposium
Starting Sep 2020, TLS Certificate Validity reduced to 13 Months.
Some argue that purchasing certificates for securing websites by
System that can issue, distribute and verify digital certificates
"Information about distrusting Symantec certificate authorities"
"What is PKI? And how it secures just about everything online"
—i.e., a secure location in which keys are stored and indexed;
(VA) can provide this entity information on behalf of the CA.
The web of trust concept was first put forth by PGP creator
and treat a certificate as if it is revoked (and so degrade
(CA) that stores, issues and signs the digital certificates;
connection. Web browser implementation of HTTP/2 including
767:. In both of these, initial set-up of a secure channel (a "
"The Possibility of Secure Non-Secret Digital Encryption"
Encryption and/or authentication of documents (e.g., the
for signing, verifying, and bundling TLS certificates. (
Proceedings of the Internet Measurement Conference 2018
Cryptographically secure pseudorandom number generator
"Fraudulent Digital Certificates could allow spoofing"
"Dynamic Public Key Certificates with Forward Secrecy"
could be effectively used. With the invention of the
Diginotar § Issuance of fraudulent certificates
One of the benefits of the web of trust, such as in
Market share trends for SSL certificate authorities
). There's experimental usage for digitally signed
443:
standard defines the most commonly used format for
Mark Gasson, Martin Meints, Kevin Warwick (2005),
are too bandwidth-costly for routine use, and the
"Chrome's Plan to Distrust Symantec Certificates"
Managing information systems security and privacy
2086:2017 IEEE Symposium on Security and Privacy (SP)
1338:Al-Janabi, Sufyan T. Faraj; et al. (2012).
1314:
657:), and shortly thereafter, several U.S. states (
3142:Transport Layer Security / Secure Sockets Layer
1990:"Root Certificate vs Intermediate Certificates"
1212:. Addison-Wesley Professional. pp. 11–15.
1882:"Introducing CFSSL - Cloudflare's PKI toolkit"
801:
622:, online access to proprietary databases from
3345:Export of cryptography from the United States
3221:Automated Certificate Management Environment
1747:"TLS Security 2: A Brief History of SSL/TLS"
1012:Automatic Certificate Management Environment
953:supports HTTP/2 only over TLS by using the
434:in 1992 in the manual for PGP version 2.0:
231:
3166:DNS-based Authentication of Named Entities
3172:DNS Certification Authority Authorization
1692:"Decentralized Public Key Infrastructure"
369:Temporary certificates and single sign-on
279:
96:Certificate Services web site or through
2044:"Is the Web Ready for OCSP Must-Staple?"
1342:. In Ariwa, Ezendu; et al. (eds.).
1124:
909:Comodo Group § 2011 breach incident
759:secure communication protocols, such as
29:
1418:Sheffer, Saint-Andre & Fossati 2022
860:CFSSL open source toolkit developed by
3316:Domain Name System Security Extensions
3160:Application-Layer Protocol Negotiation
1206:Adams, Carlisle; Lloyd, Steve (2003).
1000:Simple Certificate Enrollment Protocol
727:standards if documents are encoded as
333:
34:Diagram of a public key infrastructure
1315:McKinley, Barton (January 17, 2001).
1037:
574:The public disclosure of both secure
362:more than its overall market share."
2550:Naccache–Stern knapsack cryptosystem
1857:"X - Certificate and Key management"
1745:Prodromou, Agathoklis (2019-03-31).
890:. Boulder is the software that runs
1972:"HTTP/2 Frequently Asked Questions"
1824:, FIDIS deliverable (3)2, July 2005
1822:D3.2: A study on PKI and biometrics
1623:http://mcwg.org/mcg-mirror/cert.htm
1466:Smith, Dickinson & Seamons 2020
1442:Smith, Dickinson & Seamons 2020
1403:Smith, Dickinson & Seamons 2020
1149:
877:Mozilla Public License 2.0 licensed
835:XiPKI, CA and OCSP responder. With
749:authentication in the Enigform and
168:technique that enables entities to
24:
3254:Online Certificate Status Protocol
1660:"Decentralized Identifiers (DIDs)"
1652:
1643:"Simple Public Key Infrastructure"
1541:
1294:. O'Reilly Media. pp. 61–62.
1018:Resource Public Key Infrastructure
741:logon, client authentication with
681:(DISA) PKI infrastructure for the
679:Defense Information Systems Agency
328:Online Certificate Status Protocol
3148:Datagram Transport Layer Security
2186:
1668:. 9 December 2019. Archived from
1290:Viega, John; et al. (2002).
1080:"Public Key Infrastructure (PKI)"
256:The primary role of the CA is to
3581:Certificate authority compromise
1105:Fruhlinger, Josh (29 May 2020).
1006:Enrollment over Secure Transport
737:of users to applications (e.g.,
673:that existed were insufficient.
655:ABA digital signature guidelines
496:
450:simple public key infrastructure
444:Simple public key infrastructure
246:simple public-key infrastructure
3586:Random number generator attacks
3273:Extended Validation Certificate
3126:
2581:Discrete logarithm cryptography
1880:Sullivan, Nick (10 July 2014).
1796:Stephen Wilson, December 2005,
1376:Henry, William (4 March 2016).
994:Certificate Management over CMS
988:Certificate Management Protocol
388:
297:cryptographically authenticated
122:
89:Internet Engineering Task Force
65:, a PKI is an arrangement that
3183:HTTP Strict Transport Security
2938:Information-theoretic security
2035:
1779:Information Security Committee
1420:, 7.5. Certificate Revocation.
1798:"The importance of PKI today"
1378:"Trusted Third Party Service"
1292:Network Security with OpenSSL
1038:Chien, Hung-Yu (2021-08-19).
1024:
216:certificate management system
3267:Domain-validated certificate
2596:Non-commutative cryptography
898:
324:Certificate revocation lists
7:
3248:Certificate revocation list
3054:Message authentication code
3009:Cryptographic hash function
2822:Cryptographic hash function
2693:Identity-based cryptography
2586:Elliptic-curve cryptography
2020:. Microsoft. March 23, 2011
2018:Microsoft Security Advisory
1908:"cloudflare/cfssl · GitHub"
1771:"PKI Assessment Guidelines"
1479:"Counting SSL certificates"
1157:"Public Key Infrastructure"
1057:10.3390/electronics10162009
975:
802:Open source implementations
272:(TTP) may also be used for
3322:Internet Protocol Security
3135:Protocols and technologies
2933:Harvest now, decrypt later
1930:"hashicorp/vault · GitHub"
1346:. Springer. pp. 2–3.
1239:. Birkhauser. p. 69.
408:(Pretty Good Privacy) and
3642:Public key infrastructure
3350:Server-Gated Cryptography
3289:Public key infrastructure
3214:Public-key infrastructure
3049:Post-quantum cryptography
2698:Post-quantum cryptography
2655:
2647:Post-Quantum Cryptography
1811:, Retrieved on 2010-12-13
1665:World Wide Web Consortium
962:intermediate certificates
921:and securing software by
580:asymmetric key algorithms
478:Decentralized identifiers
299:statement of revocation.
156:
40:public key infrastructure
18:Public Key Infrastructure
3662:Transport Layer Security
3502:Man-in-the-middle attack
3469:Certificate Transparency
3039:Quantum key distribution
3029:Authenticated encryption
2884:Random number generation
2160:10.14722/ndss.2020.24084
1269:. CRC Press. p. 8.
839:support, implemented in
651:American Bar Association
612:cryptographic primitives
343:Transport Layer Security
232:Methods of certification
3647:Public-key cryptography
3613:(in regards to TLS 1.0)
3566:(in regards to SSL 3.0)
3300:Self-signed certificate
3284:Public-key cryptography
3205:Perfect forward secrecy
3189:HTTP Public Key Pinning
3034:Public-key cryptography
3024:Symmetric-key algorithm
2827:Key derivation function
2787:Cryptographic primitive
2780:Authentication protocol
2770:Outline of cryptography
2765:History of cryptography
2591:Hash-based cryptography
2238:Public-key cryptography
2059:10.1145/3278532.3278543
688:
252:Certificate authorities
238:certificate authorities
162:Public-key cryptography
117:public key certificates
3617:Kazakhstan MITM attack
3279:Public key certificate
3243:Certificate revocation
3154:Server Name Indication
2775:Cryptographic protocol
1855:Hohnstädt, Christian.
1835:"xipki/xipki · GitHub"
Vacca, John R. (2004).
708:messages (e.g., using
469:network in an office.
441:
412:(an implementation of
286:Certificate revocation
280:Certificate revocation
202:registration authority
85:registration authority
35:
3606:Lucky Thirteen attack
3507:Padding oracle attack
3227:Certificate authority
2928:End-to-end encryption
2874:Cryptojacking malware
2253:Integer factorization
Trček, Denis (2006).
982:Cryptographic agility
905:X.509 § Security
886:-based CA written in
866:BSD 2-clause licensed
761:Internet key exchange
436:
382:-based certificates.
293:certificate authority
274:certificate authority
194:certificate authority
74:certificate authority
52:public-key encryption
33:
3044:Quantum cryptography
2968:Trusted timestamping
2088:. pp. 539–556.
2053:. pp. 105–118.
1809:China Communications
1522:Google security blog
1493:"CA:Symantec Issues"
929:, has changed this.
769:security association
181:digital certificates
170:securely communicate
106:validation authority
48:digital certificates
2807:Cryptographic nonce
2556:Three-pass protocol
1978:– via Github.
1454:Larisch et al. 2017
683:Common Access Cards
626:) were sufficient.
334:Issuer market share
295:, which produces a
270:trusted third party
187:A PKI consists of:
3523:Bar mitzvah attack
3238:Certificate policy
2913:Subliminal channel
2897:Pseudorandom noise
2844:Key (cryptography)
2326:Discrete logarithm
2095:10.1109/sp.2017.17
1803:2010-11-22 at the
1698:. 23 December 2015
1628:2008-09-05 at the
790:Internet of things
482:distributed ledger
224:certificate policy
174:digital signatures
36:
3657:IT infrastructure
3200:Opportunistic TLS
2973:Key-based routing
2963:Trapdoor function
2834:Digital signature
2663:Digital signature
2606:Trapdoor function
2286:Goldwasser–Micali
2170:978-1-891562-61-7
2105:978-1-5090-5533-3
1886:CloudFlare's Blog
1547:Java Bug Database
1430:Chung et al. 2018
1301:978-0-596-00270-1
1276:978-0-8493-0822-2
1246:978-3-540-28103-0
1219:978-0-672-32391-1
966:root certificates
473:Decentralized PKI
209:central directory
16:(Redirected from
3479:HTTPS Everywhere
3295:Root certificate
3233:CA/Browser Forum
2908:Insecure channel
2408:signature scheme
2311:Okamoto–Uchiyama
2134:10.17487/RFC9325
1727:. Archived from
1720:(January 1970).
1641:Gonzalez, Eloi.
1596:. Archived from
1380:. Archived from
1327:on May 29, 2012.
1323:. Archived from
1086:. European Union
984:(crypto-agility)
260:and publish the
132:Confidentiality:
98:Active Directory
3488:Vulnerabilities
3360:Implementations
2615:Standardization
2445:Lattice/SVP/CVP
2266:Blum–Goldwasser
1805:Wayback Machine
1718:Ellis, James H.
1696:weboftrust.info
1630:Wayback Machine
1384:on 4 March 2016
845:Apache licensed
816:Apache licensed
432:Phil Zimmermann
291:by the issuing
3652:Key management
3574:Implementation
3059:Random numbers
2983:Garlic routing
2903:Secure channel
2864:Key stretching
2812:Cryptovirology
2797:Cryptocurrency
2544:Merkle–Hellman
2291:Naccache–Stern
2187:External links
1734:on 2014-10-30.
1672:on 14 May 2020
1481:. 13 May 2015.
1468:, p. 1-2.
1456:, p. 542.
855:Fedora Project
773:asymmetric key
735:Authentication
725:XML Encryption
702:authentication
700:and/or sender
634:developed the
630:and others at
616:World Wide Web
568:Clifford Cocks
393:Main article:
375:single sign-on
284:Main article:
258:digitally sign
3368:Bouncy Castle
3260:OCSP stapling
3195:OCSP stapling
3064:Steganography
3019:Stream cipher
2978:Onion routing
2958:Shared secret
2854:Key generator
2817:Hash function
2792:Cryptanalysis
2316:Schmidt–Samoa
2276:Damgård–Jurik
2271:Cayley–Purser
2068:9781450356190
1861:hohnstaedt.de
1600:on 2011-07-16
1572:Apple Support
1444:, p. 10.
1353:9783642226021
1321:Network World
927:Let's Encrypt
892:Let's Encrypt
830:LGPL licensed
777:symmetric key
757:Bootstrapping
721:XML Signature
628:Taher Elgamal
505:This section
166:cryptographic
150:Authenticity:
3328:Secure Shell
3288:
3014:Block cipher
2859:Key schedule
2849:Key exchange
2839:Kleptography
2802:Cryptosystem
2751:Cryptography
2703:OpenPGP card
2683:Web of trust
2677:
2339:Cramer–Shoup
2022:. Retrieved
1997:. Retrieved
1934:. Retrieved
1932:. Github.com
1924:
1912:. Retrieved
1910:. Github.com
1902:
1890:. Retrieved
1888:. CloudFlare
1885:
1875:
1864:. Retrieved
1860:
1850:
1839:. Retrieved
1837:. Github.com
1754:. Retrieved
1750:
1740:
1729:the original
1712:
1700:. Retrieved
1695:
1686:
1674:. Retrieved
1670:the original
1602:. Retrieved
1598:the original
1587:
1576:. Retrieved
1574:. 2023-09-05
1571:
1562:
1550:. Retrieved
1546:
1537:
1525:. Retrieved
1521:
1512:
1500:. Retrieved
1497:Mozilla Wiki
1432:, p. 3.
1425:
1405:, p. 1.
1398:
1386:. Retrieved
1382:the original
1325:the original
1189:. Retrieved
1185:
1176:
1164:. Retrieved
1160:
1151:
1139:. Retrieved
1135:
1126:
1114:. Retrieved
1110:
1100:
1088:. Retrieved
1083:
1074:
1050:(16): 2009.
923:code signing
916:
882:Boulder, an
624:web browsers
609:
576:key exchange
536:January 2014
533:
518:Please help
401:certificates
398:
395:Web of trust
389:Web of trust
320:Web browsers
317:
312:
309:availability
242:web of trust
123:Capabilities
63:cryptography
3474:Convergence
3128:TLS and SSL
3002:Mathematics
2993:Mix network
2673:Fingerprint
2637:NSA Suite B
2601:RSA problem
2478:NTRUEncrypt
2036:Works cited
1976:HTTP/2 wiki
1786:: 43. 2001.
1044:Electronics
751:mod_openpgp
638:protocol ('
582:in 1976 by
564:James Ellis
244:(WoT), and
70:public keys
50:and manage
3636:Categories
3601:Heartbleed
2953:Ciphertext
2923:Decryption
2918:Encryption
2879:Ransomware
2627:IEEE P1363
2245:Algorithms
2024:2011-03-24
1999:2022-05-02
1866:2023-12-29
1841:2016-10-17
1756:2024-05-25
1604:2010-05-25
1578:2024-01-16
1552:10 January
1527:10 January
1502:10 January
1025:References
903:See also:
862:CloudFlare
781:secret key
763:(IKE) and
739:smart card
698:Encryption
620:e-commerce
467:air-gapped
262:public key
143:Integrity:
3596:goto fail
3408:MatrixSSL
3373:BoringSSL
3144:(TLS/SSL)
2943:Plaintext
2195:(W3Techs)
2179:211268930
1994:About SSL
1141:26 August
1116:26 August
1111:CSOOnline
1066:2079-9292
899:Criticism
873:HashiCorp
783:—methods;
753:projects;
685:program.
642:' in Web
507:does not
313:fail-soft
305:fail-hard
268:The term
93:Microsoft
3532:Protocol
3462:Notaries
3438:SChannel
3413:mbed TLS
3403:LibreSSL
3388:cryptlib
3318:(DNSSEC)
3309:See also
3082:Category
2988:Kademlia
2948:Codetext
2891:(CSPRNG)
2688:Key size
2622:CRYPTREC
2539:McEliece
2493:RLWE-SIG
2488:RLWE-KEX
2483:NTRUSign
2296:Paillier
2077:53223350
1936:18 April
1914:18 April
1892:18 April
1801:Archived
1751:Acunetix
1626:Archived
1186:SSLTrust
1166:26 March
976:See also
771:") uses
632:Netscape
604:Internet
562:, where
359:VeriSign
347:Symantec
311:) or to
248:(SPKI).
3453:wolfSSL
3448:stunnel
3433:s2n-tls
3423:OpenSSL
3338:History
3324:(IPsec)
2758:General
2534:Lamport
2514:CEILIDH
2473:NewHope
2420:Schnorr
2403:ElGamal
2381:Ed25519
2261:Benaloh
2114:3926509
1702:23 June
1676:16 June
1388:4 March
1191:13 June
943:Firefox
919:SSL/TLS
808:OpenSSL
779:—i.e.,
765:SSL/TLS
743:SSL/TLS
710:OpenPGP
663:privacy
600:Adleman
588:Hellman
528:removed
513:sources
488:History
414:OpenPGP
355:GoDaddy
351:Sectigo
240:(CAs),
3611:POODLE
3564:POODLE
3559:Logjam
3544:BREACH
3516:Cipher
3495:Theory
3443:SSLeay
3428:Rustls
3393:GnuTLS
3256:(OCSP)
3223:(ACME)
3191:(HPKP)
3185:(HSTS)
3168:(DANE)
3162:(ALPN)
3150:(DTLS)
2869:Keygen
2656:Topics
2632:NESSIE
2574:Theory
2502:Others
2359:X25519
1957:Forbes
1090:14 May
1064:
1020:(RPKI)
1014:(ACME)
1002:(SCEP)
949:, and
939:Chrome
931:HTTP/2
911:, and
714:S/MIME
706:e-mail
598:, and
596:Shamir
592:Rivest
584:Diffie
418:e-mail
157:Design
3591:FREAK
3554:DROWN
3549:CRIME
3539:BEAST
3383:BSAFE
3378:Botan
3330:(SSH)
3291:(PKI)
3250:(CRL)
3178:HTTPS
3174:(CAA)
3156:(SNI)
2899:(PRN)
2468:Kyber
2463:BLISS
2425:SPEKE
2393:ECMQV
2386:Ed448
2376:EdDSA
2371:ECDSA
2301:Rabin
2175:S2CID
2110:S2CID
2073:S2CID
2047:(PDF)
1774:(PDF)
1732:(PDF)
1725:(PDF)
1646:(PDF)
1008:(EST)
996:(CMC)
990:(CMP)
947:Opera
837:SHA-3
822:EJBCA
812:Linux
640:https
454:X.509
410:GnuPG
380:X.509
164:is a
113:X.509
67:binds
3398:JSSE
3275:(EV)
3269:(DV)
3229:(CA)
2668:OAEP
2642:CNSA
2519:EPOC
2364:X448
2354:ECDH
2165:ISBN
2142:9325
2100:ISBN
2063:ISBN
1938:2018
1916:2018
1894:2018
1704:2020
1678:2020
1621:and
1554:2020
1529:2020
1504:2020
1390:2016
1348:ISBN
1296:ISBN
1271:ISBN
1241:ISBN
1214:ISBN
1193:2019
1168:2015
1161:MSDN
1143:2020
1136:IETF
1118:2021
1092:2024
1062:ISSN
955:ALPN
951:Edge
884:ACME
841:Java
826:Java
747:HTTP
689:Uses
659:Utah
644:URLs
578:and
560:GCHQ
511:any
509:cite
456:and
111:The
3418:NSS
2678:PKI
2561:XTR
2529:IES
2524:HFE
2455:SIS
2450:LWE
2435:STS
2430:SRP
2415:MQV
2398:EKE
2349:DSA
2334:BLS
2306:RSA
2281:GMR
2155:doi
2139:RFC
2129:doi
2090:doi
2055:doi
1784:0.3
1052:doi
935:TLS
875:. (
843:. (
795:TLS
729:XML
723:or
712:or
704:of
636:SSL
522:by
462:key
458:PGP
425:PGP
406:PGP
137:TLS
78:CMP
61:In
54:.
44:PKI
3638::
2509:AE
2344:DH
1048:10
888:Go
221:A
214:A
207:A
200:A
191:A
38:A
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.