Document Type

Technical Report

Publication Date


Technical Report Number



In Public Key Infrastructure (PKI), the simple, monopolistic CA model works fine until we consider the real world. Then, issues such as scalability and mutually suspicious organizations create the need for a multiplicity of CAs, which immediately introduces the problem of how to organize them to balance resilience to compromise against efficiency of path discovery. However, security has given us tools such as secure coprocessing, secret splitting, secret sharing, and threshold cryptography for securely carrying out computations among multiple trust domains; distributed computing has given us peer-to-peer networking, for creating self-organizing distributed systems. In this paper, we use these latter tools to address the former problem by overlaying a virtual hierarchy on a mesh architecture of peer CAs, and achieving both resilience and efficiency.