PAPER RETHINKING DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE

摘要

This paper identifies and examines problems with implementing a Public KeyInfrastructure (PKI) in the Department of Defense (DOD). Some of these issues, such ascertificate revocation list (CRL) distribution and technological immaturity have been noted inofficial DOD documentation and other studies without solution. Others such as directorymanagement and operations in a tactical environment have been examined elsewhere. Here theproblems of e-mail encryption and access control are discussed. Several solutions to theseproblems such as policy changes and PKI architecture modification are suggested. Yet theoverall conclusion is that DOD PKI in its planned configuration will not achieve its operationalobjectives and may introduce security vulnerabilities and bureaucratic confusion where noneexisted before.