Now PKI in theory,
as I've described it on the previous three slides, seems pretty workable.
In practice, however, it's been a bit more difficult.
And it doesn't quite work as well in theory as you
might think it does from sorry,
it doesn't quite work as well in practice as you might think it does from theory.
There are several reasons for
this that I'm really not going to go into a great detail about here.
This already lies more in the realm of network security than cryptography per se.
But I'll just mention one issue is the Proliferation of root CAs that I,
that I talked about a few slides ago.
Namely the fact that even though you have these root CAs where it's suppose to
verify people's sig people's public keys and issue certificates.
There are lots and lots of CAs that are trusted in your basic browser software.
And in fact if any of those are ever compromised,
it would have disastrous con consequences for public key distribution.
Another issue is the problem of Revocation.
That is dealing with the fact that users might occasionally forget their keys.
There might actually have their private keys be compromised by an attacker.
And if they find out about such an event,
they would like to be able to tell the world that their old set of
certificates that vouched for their public key, are no longer valid.
And if they've replaced their public key with a different one.
This is really a rather thorny issue and
there's no great solution even today, although there are work arounds.