This is a great document that explains public key infrastructure, X.509 and certificates, and the problems with existing methods. "Conventional PKI, built around ISO standard X.509, has been, and will continue to be, a substantial failure. This paper examines that form of PKI architecture, and concludes that the reason for its failure is its very poor fit to the real needs of cyberspace participants. Its key deficiencies are its inherently hierarchical and authoritarian nature, its unreasonable presumptions about the security of private keys, a range of other technical and implementation defects, confusions about what it is that a certificate actually provides assurance about, and its inherent privacy-invasiveness. Alternatives to conventional PKI are identified."

The link to this article, located at Roger Clarke, is no longer available.