In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via tools such as client-side SSL and browser-based keystores. Exploring this vision, we demonstrate that browsers will use personal certificates to authenticate requests that the person neither knew of nor approved (in some scenarios, direct migration from password-based systems to client-side SSL makes things worse). We also demonstrate the easy permeability of these keystores, including new attacks on medium- and high-security IE/XP keys. We suggest some short-term countermeasures. However, against this background, it is not clear that the current client-side infrastructure can achieve the PKI vision. A fundamental rethinking of the trust, usage, and storage model might result in more effective tools for building a PKI.


J. Marchesini, S.W. Smith, M. Zhao.
"Keyjacking: Risks of the Current Client-side Infrastructure."
2nd Annual PKI Research Workshop. NIST. April 2003.