  • DocumentCode
    2431019
  • Title
    Simplifying PKI usage through a client-server architecture and dynamic propagation of certificate paths and repository addresses
  • Author
    Hunter, Brian
  • Author_Institution
    Fraunhofer Inst. for Secure Telecooperation, Darmstadt, Germany
  • fYear
    2002
  • fDate
    2-6 Sept. 2002
  • Firstpage
    505
  • Lastpage
    510
  • Abstract
    PKI deployment and use have not met expectations. One reason that PKIX has not been fully accepted is the complexity of the system. Any application wishing to use PKI must implement complicated logic for certificate parsing, certificate path building and policy management. Certificate path building, in particular, is further complicated by the non-standardized method of certificate discovery and retrieval. Thus, many applications do not utilize or cannot utilize public key technology. We propose a new PKI server which offers access to PKI services and only requires a simple client API and a small client library that enables even resource-limited clients to be supported. This can greatly reduce application development time and complexity and allow PKI usage to propagate into more applications. Furthermore, we introduce the concept of a PKI server-to-server protocol which allows knowledge of certificate repositories and certificate paths to be shared among different PKI Servers. This technique will simplify the task of certificate retrieval and path building for individual PKI Servers.
  • Keywords
    application program interfaces; certification; client-server systems; protocols; public key cryptography; PKI; PKI server; PKI server-to-server protocol; PKIX; application development time; certificate discovery; certificate parsing; certificate path building; certificate retrieval; client API; client-server architecture; complexity; dynamic certificate path propagation; dynamic certificate repository address propagation; logic; policy management; small client library; Access protocols; Bridges; Certification; Connectors; Content addressable storage; Libraries; Logic; Proposals; Public key; Standards organizations
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Database and Expert Systems Applications, 2002. Proceedings. 13th International Workshop on
  • ISSN
    1529-4188
  • Print_ISBN
    0-7695-1668-8
  • Type
    conf
  • DOI
    10.1109/DEXA.2002.1045948
  • Filename
    1045948