by Paul Kerstein

Defense Department to Revamp PKI

Aug 15, 2005
To deal with scalability issues, the Department of Defense is starting the process of making changes to its public-key infrastructure (PKI), which uses digital certificates for e-mail and web security. Network World reports that a huge certificate revocation list (CRL) is the crux of the problem the DoD faces, because the entire list is supposed to be downloaded daily from servers to every PKI user's desktop at the department. The time delay and bandwidth consumption are a major source of frustration to military planners, and the approach is also poorly adapted to the needs of mobile units and ships. The Defense Department is seeking to eliminate CRL downloads by deploying a new set of PKI appliances called Online Certificate Status Protocol (OCSP) responders, which store CRLs and automatically provide short answers to desktop users about whether a certificate is good or bad. Read more.