The security-mediated approach to PKI offers several advantages, such as instant revocation and compatibility with standard RSA tools. In this paper, we present a design and prototype that addresses its trust and scalability problems. We use trusted computing platforms linked with peer-to-peer networks to create a network of trustworthy mediators and improve availability.We use threshold cryptography to build a back-up and migration technique which allows recovery from a mediator crashing while also avoiding having all mediators share all secrets. We then use strong forward secrecy with this migration, to mitigate the damage should a crashed mediator actually be compromised.


G. Vanrenen, S.W. Smith, and J. Marchesini.
"Distributing Security-Mediated PKI"
International Journal of Information Security.
Volume 5, Issue 1 (January 2006).