Radomir Prodanović – Centre for Applied Mathematics and Electronics, Serbian Armed Forces,
Vojvode Stepe 445, 11000 Belgrade, Serbia

Ivan Vulić – Military Technical Academy, University of Defense, Pavla Jurišića Šturma 1, Belgrade, Serbia
Ivan Tot – Military Technical Academy, University of Defense, Pavla Jurišića Šturma 1, Belgrade, Serbia

DOI: https://doi.org/10.31410/ERAZ.S.P.2019.169

5th International Conference – ERAZ 2019 – KNOWLEDGE BASED SUSTAINABLE DEVELOPMENT, Budapest – Hungary, May 23, 2019, SELECTED PAPERS

Published by: Association of Economists and Managers of the Balkans – Belgrade, Serbia
Conference partners: Faculty of Economics and Business, Mediterranean University, Montenegro; University of National and World Economy – Sofia, Bulgaria; Faculty of Commercial and Business Studies – Celje, Slovenia; Faculty of Applied Management, Economics and Finance – Belgrade, Serbia;

ISBN 978-86-80194-21-9, ISSN 2683-5568, DOI: https://doi.org/10.31410/ERAZ.S.P.2019


PKI architecture is base of e-business security in an insecure Internet environment for a
geographically distributed organization. Choosing an adequate PKI architecture is a real challenge.
Each PKI architecture has its advantages and disadvantages which should be taken into consideration
before choosing the one. Therefore, authors in this paper give description and comparative analysis
of the basic PKI architectures. This analysis has two aspects: first, comparison of advantages and disadvantages,
and second, aspect of parameters chosen by the authors. Chosen parameters are: trust,
certification path, scalability, flexibility and failure.

Key words

PKI architecture, certification authority, trust, scalability, certification path.


[1] Pfleeger, C.P., Pfleeger, S.L., Margulies, M. (2015) Security in Computing, 5th Edition
Prentice Hall.
[2] Casola, V., Mazzeo, A., Mazzocca, N., Rak, M. (2005) An Innovative Policy-Based Cross
Certification Methodology for Public Key Infrastructures. EuroPKI 2005, pp. 100-117.
[3] Lopez, J., Oppliger, R., Pernul, G. (2005) Classifying Public Key Certificates. EuroPKI
2005: pp. 135-143.
[4] Lioy, A., Marian, M., Moltchanova, N., Pala, M. (2006) PKI past, present and future, Int.
Journal of Information Security, pp. 18-29.
[5] Linn, J. (2000) Trust Models and Management in Public-Key Infrastructures. RSA Laboratories,
[6] Polk, W. T., Hastings, N. E. (2000) Bridge Certification Authorities: Connecting B2B Public
Key Infrastructures. National Institute of Standards and Technology.
[7] Perlman, R. (1999) An Overview of PKI Trust Models, IEEE Network, Vol. 13, pp. 38-43.
[8] Choudhury, S., Bhatnagar, K., Haque, W (2002) Public Key Infrastructure Implementation
and Design, John Wiley & Sons, Inc. New York.
[9] Microsoft, (2016) Certificate Trust List Overview. [Online]. Available: https://msdn.microsoft.
com/en-us/library/windows/desktop/aa376545%28v= vs.85%29.aspx
[10] Certipost, (2004) Trust List Usage Recommendations for a European IDABridge/Gateway
CA Pilot for Public Administrations. IDA PKI II / EBGCA /WP1.2
[11] Moses, T. (2003). PKI trust models. Draft, [Online]. Available: http://www.it-c.dk /courses/
DSK/F2003/ PKI_Trust_models.pdf
[12] Burr, W. E. (1998) Public Key Infrastructure (PKI) technical Specification: Part A –Technical
Concept of Operations. National Institute of Standards and Technology Working
[13] Adams, C., Lloyd, S. (2002) Understanding PKI: Concepts, Standards, and Deployment
Considerations. Second Edition Addison Wesley.

[14] Santesson, S., Farrell, S., Boeyen R., Housley, S., Polk, W. (2008) Internet X.509 Public
Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Network
Working Group Request for Comments, IETF RFC 5280.
[15] Turnbull, J. (2001) Cross-Certification and PKI Policy Networking. Version: 2.0, Entrust.
[Online]. Available: https://www.researchgate.net/publication/245817335_Cross-Certification_
[16] Author unknown (2002) A bridge CA for Europe’s Public Administrations. Feasibility
study, European Commission – Enterprise DG, Public Key Infrastructure for Closed User
Groups Project.
[17] Shirey, R. (2007) Internet Security Glossary, Version 2, RFC 4949, IETF.
[18] Prodanović, R. I., Vulić, I.B. (2017) Failure Points in the PKI Architecture, Vojnotehnički
glasnik/Military Technical Courier, Vol 65, Issue 3, pp. 771-784.