How much real improvements in PKI since more than a decade?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Ross J. Anderson wrote in Sec.19.5.3 of his well-known book "Security
Engineering", Wiley, 2001, the following:

"In short, while public key infrastructures can be useful in some
applications, they are unlikely to be the universal solution to
security problems as their advocates seem to believe. They don't
tackle most of the really important issues at all."

How much real improvements have occurred since that time?

In case the answer turns out to be negative, wouldn't it imply that
the claimed security offered by PKI is an illusion serving only for
the profit gains of the business firms involved?

M. K. Shen

Re: How much real improvements in PKI since more than a decade?

Quoted text here. Click to load it

Schneier wrote something similarly negative in Cryptography Engineering.
Chapter 18 is "The Dream of PKI"  
Chapter 19 is "PKI Reality"  

I'd describe web pki as serving nothing other than the CAs.  But don't
criticise things just because there is profit motive involved.

Commercial PKI s/w is harder to use than you might imagine and frequently
leaves you wondering whether you are the first person to use it for your
(reasonable) requirements.

Site Timeline