A Global Authentication System

At Internet scale an authentication infrastructure (also known as a Public Key Infrastructure (PKI)) is needed to distribute public keys. A PKI must (1) enable its users to specify who they trust; (2) be straightforward to use; and (3) be efficient at Internet scale. Current PKIs do not meet this challenge. We describe here a new infrastructure that we designed and implemented to meet this challenge. We show that it can efficiently support arbitrarily large communities embedded in the Internet. We also describe a revocation system. The design of the system is based on the analysis of existing revocation algorithms. We find the revocation database and updates are two dominating factors affecting the performance of a revocation system. With a new proposed encoding method, it largely reduces the size of revocation database. Plus, with other existing techniques, the revocation updates size can also be relative small.