Invisibly Protecting your Digital Assets with Public Key Infrastructure - page 5
PKI's privacy and authentication measures work well for any two-way communication. Authentication also works well for one-to-many communication, such as signing a document or an email that many people will read. However, privacy is another matter. Remember that privacy works by having the sender encrypt the information with the recipient's public key. What if there are multiple recipients on an email message that should be kept private? There is no simple answer for this.
Another drawback to encrypted email or any information is the possibility of losing your private key, which is required for decryption of information that is sent to you. The problem is worse with PKI than with symmetric encryption, because you are the only one who has your private key. A simple method to protect your private key is to back it up on a floppy. Then if you lose your hard drive, you have another way to get at your private key.
On the other hand, if someone else got access to the floppy, then your private key would be compromised. You would have to have your certificates revoked and get new ones issued, along with a new private key--a major hassle. And what about documents that might have been forged before you discovered the problem?
Some systems offer stronger methods to back up keys. For example, a private key can be split into several pieces, called shares. The shares can then be given to different trusted people, or encrypted with each of their public keys and stored (perhaps on a floppy!) by the key's owner. In either case, it is impossible for one person alone to reconstruct the private key. If you plan to use PKI on a large scale or to protect information over a significant period of time, the ability to recover or reconstitute lost keys should be on your product requirements checklist.
Is "everyday" PKI security enough for your organization? If all you are doing is encrypting and signing email or authenticating your web server, everyday security is probably good enough. However, with PKI you have an opportunity to streamline your procedures for protecting and sharing sensitive and valuable information. Appropriate use of PKI can reduce costs, speed operations, and open up new business opportunities by allowing you to safely access and obtain that information via your internal network. If you access your data over the Internet, you will want to use a stronger level of PKI, with more sophisticated software, operations, and longer keys. You owe it to yourself to investigate what doors PKI can open for you and your organization.