A survey of PKI components and scalability issues

In this paper, PKI implementations, namely PKTX, SPKT and PGR are discussed. In all of these systems, there is a need to perform both efficient enrollment and revocation. We examined some of the more common certificate revocation methods. All of these solutions differ in how they balance the amount of communication between the directory and CA with the amount of communication between the directory and the end users. Additionally, some of them make trade-offs to work better in an offline environment. Lastly, we looked closely at some of the newer real-time PKI services such as OCSP, SCVP and DVCS. These services offer everything from real-time certificate status checking to complete certificate validation and verification. SCVP even allows organizations to create central points of management for all certificate handling and PKI policy enforcement. Depending on the goals and resources of a particular project, the most scalable PKI solution will look very different. Thus, it is impossible to say that PKI does or does not scale, but one can only say that a particular PM solution does or does not scale for their environment