PKI in the Real World

- HTTPS, code signing: mostly flat, single-level PKI with a handful of commonly-accepted commercial root CAs
- SSH: no PKI to speak of
- PGP: ad-hoc web-of-trust, with untrusted keyservers and no CRLs
- IKE: "opportunistic encryption"

No real global namespace, common directory, hierarchy, or revocation