Revenge of the PKI Nerds

Wherein a very patient CSO hatches a plan to revive PKI, a technology thought to be dead

By

December 01, 2004CSO — I recently noticed a curious phenomenon. Public Key Infrastructure (PKI), once rumored to be dead, is making a comeback. Several high-profile institutions are now deploying a technology that I assumed had been extinct since the dot-bomb era. It's sort of technology's version of the coelacanth. This was a fish that was assumed to have been extinct for hundreds of thousands of years and thenbam!one turns up in a fisherman's net off the coast of Madagascar.

I admit I have a certain fondness for Public Key Infrastructure, or PKI as it is commonly knownat least that is the three-letter version. PKI is commonly described using choice four-letter words as well. That's because it came into favorand just as ingloriously fell out of itwith the boom of the '90s.

I should know, because I cut my security teeth on the bleeding edge of PKI. In 1992, I took a position as the director of electronic commerce with a company that sought to deploy a global certificate authority (CA) that would issue the digital certificates used to process PKI. Under our plan, all other CAs would be subordinate to us, and we would sit atop a giant pyramid scheme raking in monopoly profits by charging pennies on all the billions of e-commerce transactions around the world.

The only problem was that other PKI companies were busy scheming with their own plans to take over the e-commerce world. While we were plotting against each other, we forgot to actually deploy the technology. After a few years of hand waving, PowerPoint presentations and whiteboard discussions, investors began demanding that we start earning our keep by making a profit. Silly realists!Dropping the Dot BombThe bottom soon fell out of the dotcom market, and the next thing we knew, we were all posting our résumés on Monster.com. I was lucky and found a job as CISO; others in the business were not so fortunate. Every now and again, when I have lunch with an old acquaintance, we reminisce about the good ol' days of nonprofit technology hedonism and gossip about what company ol' so-and-so eventually wound up with.

In retrospect, there were good reasons why PKI was joined at the hip with the dotcom boom and bust. In the early '90s, every businessman had the same dream: a global marketplace of buyers and sellers linked together in cyberspace. The only problem was that conducting business over the Internet required authentication and encryption technologythe former to identify the buyer or the seller in a legally binding fashion, and the latter to protect the sensitive information being transmitted.

RESOURCE CENTER