In the Internet's world of insecurities, many actions should be taken to enhance the defense of each and every network. Many solutions exist that provide a level of security, but none is bulletproof. The best approach is to combine a variety of mechanisms that supplement one another. In this article I will discuss a technology that is considered the new trend and a favored option among network implementers: Public Key Infrastructure (PKI).
The purpose of this article was to give the reader an overview of PKI technology, the main architectures used to build a PKI system, and a set of criteria to help choose between these architectures.
As we can understand, it is important to have the same levels of confidence and trust in the electronic world as we have in the traditional world, and this can be done by implementing a PKI system.
In closing, I will summarize which PKI architecture is best and when. A single architecture should be selected when the organization is small, with a low budget and low demand for certification services. A hierarchical architecture is more appropriate for large organizations that have the budget to support the PKI implementation, departments that do not need to communicate frequently, and the ability to support demanding (but not overly complex) CA management. A mesh architecture should be selected instead of the hierarchical model if the departments of the organization need to communicate often and the organization can support the complex management of the PKI environment. However, we should keep in mind that in a mesh architecture, certification path development is sometimes more complex than in a hierarchical architecture, which complicates both the verification of certificates and the management of the PKI system. In addition, we have to take into consideration the resilience of the PKI system, although limitations such as budget and management may prohibit selecting a certain PKI architecture on the resilience criterion alone.
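The difference in certification path development between the two models can be seen by treating CA certificates as edges in a graph. The following Python sketch is an added example, not part of the original article; the CA names, the four-CA full mesh and the `find_paths` helper are constructed assumptions, and it models only path discovery, not signature or revocation checking.

```python
from collections import defaultdict

def build_graph(certs):
    """certs: iterable of (issuer, subject) pairs, one per CA certificate."""
    issued = defaultdict(list)
    for issuer, subject in certs:
        issued[issuer].append(subject)
    return issued

def find_paths(issued, trust_anchor, target_ca, max_len=8):
    """Enumerate every loop-free certification path from the relying
    party's trust anchor to the CA that issued the certificate to verify."""
    paths, stack = [], [(trust_anchor, [trust_anchor])]
    while stack:
        node, path = stack.pop()
        if node == target_ca:
            paths.append(path)
            continue
        if len(path) >= max_len:  # path-length limit, as a validator would enforce
            continue
        for nxt in issued.get(node, []):
            if nxt not in path:  # cross-certificates form cycles in a mesh
                stack.append((nxt, path + [nxt]))
    return sorted(paths, key=len)

# Constructed sample data: one root certifying four departmental CAs.
CAS = ("CA-A", "CA-B", "CA-C", "CA-D")
HIERARCHY = [("Root", ca) for ca in CAS]
# Constructed sample data: the same CAs as a full mesh, each pair
# cross-certified in both directions.
MESH = [(a, b) for a in CAS for b in CAS if a != b]

def demo():
    # Hierarchy: every relying party trusts Root.
    hier = find_paths(build_graph(HIERARCHY), "Root", "CA-D")
    # Mesh: a relying party in department A trusts its own CA-A.
    mesh = find_paths(build_graph(MESH), "CA-A", "CA-D")
    return hier, mesh

if __name__ == "__main__":
    hier, mesh = demo()
    print("hierarchy:", len(hier), "candidate path(s)")
    for p in hier:
        print("  " + " -> ".join(p))
    print("mesh:", len(mesh), "candidate path(s)")
    for p in mesh:
        print("  " + " -> ".join(p))
```

In the hierarchy the path is unique and known in advance; in the mesh the validator has to search, discard loops and choose among several candidates, and the number of candidates grows as more CAs cross-certify.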
Finally, I advise choosing wisely the PKI architecture that is most appropriate for you and your needs, so that you benefit as much as possible from what this technology can offer.