Attacks against PKI
If you ask any security expert if PKI is 100% safe, the answer would be a big NOÂ - there are a few concerns that are raised by security experts from time to time. I will begin by looking at the management of CA certificates and private keys. The internet is full of billions of websites and services, and so there are multiple certificate authorities. Rolling out new standards takes many years since this affects the whole security ecosystem.
As a system, PKI is nothing but mathematics. Once someone cracks the formula, a new formula will be introduced to the industry, which looks stronger and more secure. But for how long would this be the case? Another major issue comes with securing private keys. The normal scenario is that you, as a client, generate your private key pair on your own machine, then send the CSR to the CA as part of a certificate request. In some cases, it is a good idea to let the CA generate the key pair and send it to you. In case of private key loss...
