As much as I love public key infrastructure (PKI) and the mathematical security it can provide, it’s usually horribly implemented in the real world. If done right, like the inventors intended, it would be darn near perfect.
It’s mostly broken because admins don’t deploy it right, software doesn’t enforce what needs to be enforced, and users bypass any PKI warning, resulting in untold downloads of who knows how much malware.
To most users, one of the biggest problems with PKI is invisible: the broken certificate revocation process.

Digital certificates are supposed to be revoked when their private keys become compromised or for some other reason shouldn’t be trusted or used, as determined by the certification authority (CA) that authorized the certificate.

A revoked certificate is supposed to be the same as no certificate.
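What "the same as no certificate" means in code is a verifier that treats revocation as mandatory and fails closed. The Go program below is an added example, not code from the article or from any real CA: it builds a throwaway CA (the hypothetical "Example Test CA"), issues one leaf certificate for the made-up host server.example.test, publishes a CRL signed by that CA, and then runs a verifier that validates the chain, checks the CRL's signature and freshness, and rejects the leaf if its serial number is listed. A truncated CRL shows the fail-closed path: when the verifier cannot get a trustworthy revocation answer, it rejects the certificate instead of quietly accepting it, which is the behaviour the article says real-world software so often skips.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must is for fixture construction only: any setup failure aborts the demo.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// buildPKI constructs the hypothetical "Example Test CA", issues one leaf for
// server.example.test, and signs a CRL that lists the leaf when revokeLeaf is true.
func buildPKI(revokeLeaf bool) (ca, leaf *x509.Certificate, crlDER []byte) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		// CRLSign is required: only the issuing CA may publish revocations.
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "server.example.test"},
		DNSNames:     []string{"server.example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now.Add(-time.Minute),
		NextUpdate: now.Add(time.Hour),
	}
	if revokeLeaf { // reason code 1 is keyCompromise, the case the article describes
		crlTmpl.RevokedCertificateEntries = []x509.RevocationListEntry{
			{SerialNumber: leaf.SerialNumber, RevocationTime: now.Add(-time.Minute), ReasonCode: 1}}
	}
	crlDER = must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))
	return ca, leaf, crlDER
}

// verifyWithCRL validates the chain, then performs a mandatory revocation check.
// Anything that prevents a trustworthy answer (unparseable, forged or stale CRL)
// is treated exactly like a revoked certificate: the verifier fails closed.
func verifyWithCRL(leaf, issuer *x509.Certificate, crlDER []byte, host string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now}); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("unparseable CRL, failing closed: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL not signed by issuer, failing closed: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return fmt.Errorf("CRL outside its validity window, failing closed")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked at %s, reason %d", leaf.SerialNumber, e.RevocationTime.UTC(), e.ReasonCode)
		}
	}
	return nil
}

// runScenario builds the fixture and runs the verifier; corruptCRL truncates the
// CRL to exercise the fail-closed path.
func runScenario(revokeLeaf, corruptCRL bool) error {
	ca, leaf, crl := buildPKI(revokeLeaf)
	if corruptCRL {
		crl = crl[:len(crl)/2]
	}
	return verifyWithCRL(leaf, ca, crl, "server.example.test", time.Now())
}

func main() {
	fmt.Println("valid leaf:   ", runScenario(false, false))
	fmt.Println("revoked leaf: ", runScenario(true, false))
	fmt.Println("truncated CRL:", runScenario(false, true))
}
```

Only the first scenario returns nil. The other two return an error, and the point of the design is that the verifier never has a code path in which "I could not check revocation" turns into "accepted": the CRL must parse, must carry a signature from the issuing CA (so a third party cannot publish an empty list), must be inside its ThisUpdate/NextUpdate window (so a stale list cannot be replayed), and only then is the serial compared.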