Although much progress has been made towards a more secure public key infrastructure (PKI), the proposed approaches still suffer from security vulnerabilities, inefficiency, or incremental deployment challenges. In this presentation we introduce novel infrastructures that enhance the security and efficiency of PKI by offering: a) stronger authentication of a domain’s public keys, b) comprehensive and clean mechanisms for certificate management, and c) an incentivised incremental deployment plan. Surprisingly, our approaches have proved fruitful in addressing other seemingly unrelated problems such as client-side error handling and client/server misconfiguration.


Pawel Szalachowski is currently a senior researcher in Network Security Group at ETH Zurich. He received his Ph.D. degree in Computer Science (2012) from Warsaw University of Technology, Poland. His research interests include the network and system security, public key infrastructures, and applied cryptography. He leads the design and implementation of the SCION architecture (https://www.scion-architecture.net/).

Next-generation Secure Public-Key Infrastructures (Pawel Szalachowski)