Practicalities of Deployment (4)

• Need 3 key pairs?

  • Signing ; encryption (key exchange) ; authentication
  • no-one readily supports this model

• Keep CAs centralised ; use dispersed RAs

  • Keep hierarchies as flat as possible

• Need multiple CA’s one per purpose

  • card issuer
  • cross-certifier
  • SSL
  • S/MIME
  • external/customer

• Focus on PKI as an authentication mechanism with separate authorisation mechanisms

Previous slide

Next slide

Back to first slide

View graphic version