Over the years, the need for private, industry, or solution-specific PKI has grown significantly, with stricter policies and the revocation of certificates and CAs becoming more common. The impact of changes in centralized PKI have caused delays and disruption of third-party services that may or may not have been considered. Any PKI (public, private, or specific) must operate according to best practices, clear policies and without a single point of failure.
This is why the Public Key Infrastructure Consortium (PKIC) was formed. The PKIC was born out of the CA Security Council, with a broader mission to advance trust in assets and communication for everyone and everything using public key infrastructure (PKI). Our efforts will increase the security of the internet in general by engaging with users, regulators, supervisory bodies and other interested or relying parties.
By broadening our mission to encompass all PKI, we can improve, create, and collaborate on generic, industry or use-case specific policies, procedures, best practices, standards, and tools. This can include topics such as eIDAS, qualified trust services, TLS certificates, self-sovereign identities, distributed PKI, remote key attestation, verifiable credentials, web packaging, internet of things, etc. The PKI Consortium can also work on more generic issues such as audit schemes, trust, recognition, data quality/normalization, strengthening and simplifying requirements, and linters for keys, certificates or services.
To enable these objectives, as the PKIC we are expanding our membership to collect a broader perspective. By being more open we will have a better understanding of the need and impact on changes to the broader industry.
If you are interested in joining the PKI Consortium, please fill out the following application here: https://pkic.org/join/
(some members have requested not to be listed on the website, including several government organizations)
The Public Key Infrastructure Consortium (PKI Consortium) is comprised of leading organizations that are committed to improve, create and collaborate on generic, industry or use-case specific policies, procedures, best practices, standards and tools that advance trust in assets and communication for everyone and everything using Public Key Infrastructure (PKI) as well as the security of the internet in general. By engaging with users, regulators, supervisory bodies, standards bodies, and other interested or relying parties the PKI Consortium can address actual issues.