The security-mediated approach to PKI offers several
advantages, such as instant revocation and compatibility
with standard RSA tools. In this paper, we present a design
and prototype that addresses its trust and scalability
problems. We use trusted computing platforms linked with
peer-to-peer networks to create a network of trustworthy
mediators and improve availability.We use threshold
cryptography to build a back-up and migration technique
which allows recovery from a mediator crashing while also
avoiding having all mediators share all secrets. We then use
strong forward secrecy with this migration, to mitigate the
damage should a crashed mediator actually be compromised.
G. Vanrenen, S.W. Smith, and J. Marchesini.
"Distributing Security-Mediated PKI"
International Journal of Information Security
Volume 5, Issue 1 (January 2006).