PKI Architectures: How to Choose One - Conclusions (Page 4 of 4)
The purpose of this article was to give the reader an overview of PKI technology, the main architectures used to build a PKI system, and a set of criteria to help choose between these architectures.
It is important to have the same levels of confidence and trust in the electronic world as we have in the traditional world, and this can be done by implementing a PKI system.
To close, I will summarize which PKI architecture fits best and when. A single architecture should be selected when the organization is small, with a low budget and low demand for certification services. A hierarchical architecture is more appropriate for large organizations that have the budget to support the PKI implementation, have departments that do not need to communicate frequently, and can support demanding (but not overly complex) CA management. A mesh architecture should be selected instead of the hierarchical model if the departments of the organization need to communicate often and the organization can support the complex management of the PKI environment. Keep in mind, however, that certification path development in a mesh architecture is sometimes more complex than in a hierarchical architecture, which complicates both certificate verification and management of the PKI system. In addition, the resilience of the PKI system has to be taken into consideration, although limitations such as budget and management may rule out the architecture that the resilience criterion would favor.
Finally, I advise choosing wisely the PKI architecture that is most appropriate for you and your needs, so that you get the most benefit from what this technology can offer.
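The difference in path development can be seen with a small path builder. This is an added example, not code from the original article; the CA names and the two sample PKIs are constructed, and the builder only chains issuer and subject names (it does not check signatures, validity periods, revocation or constraints).

```python
from collections import defaultdict

def build_paths(certs, trust_anchor, target):
    """Find every loop-free certification path from trust_anchor to target.

    certs is a list of (issuer, subject) pairs, one pair per certificate.
    Returns (paths, examined): each path runs anchor -> ... -> target, and
    examined counts the certificates the builder had to consider.
    """
    issuers_of = defaultdict(list)
    for issuer, subject in certs:
        issuers_of[subject].append(issuer)

    paths, examined = [], 0

    def extend(chain):  # chain grows from the target up toward the anchor
        nonlocal examined
        if chain[-1] == trust_anchor:
            paths.append(chain[::-1])
            return
        for issuer in issuers_of[chain[-1]]:
            examined += 1
            if issuer not in chain:  # cross-certificates create cycles
                extend(chain + [issuer])

    extend([target])
    return paths, examined

# Constructed hierarchy: every subject has exactly one issuer.
HIERARCHY = [("Root", "CA1"), ("Root", "CA2"),
             ("CA1", "alice"), ("CA2", "bob")]

# Constructed mesh: three peer CAs, cross-certified in both directions.
MESH = [("CA1", "CA2"), ("CA2", "CA1"), ("CA2", "CA3"), ("CA3", "CA2"),
        ("CA1", "CA3"), ("CA3", "CA1"), ("CA1", "alice"), ("CA3", "bob")]

if __name__ == "__main__":
    # A relying party validating bob's certificate in each architecture.
    for name, certs, anchor in (("hierarchy", HIERARCHY, "Root"),
                                ("mesh", MESH, "CA1")):
        paths, examined = build_paths(certs, anchor, "bob")
        print(f"{name}: {len(paths)} path(s), {examined} certificates examined")
        for path in paths:
            print("   " + " -> ".join(path))
```

In the hierarchy each step has a single possible issuer, so there is one path and no backtracking; in the mesh the builder must choose between cross-certificates, detect loops, and may find several valid paths of different lengths.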
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.