At present, ever more services and protocols are being defined to address different needs of users and administrators in PKIs. With the deployment of new applications and services, the need to access PKI resources provided by different organizations is critical. Each application needs to be told about how to find these services for each new certificate it encounters. Therefore, each application needs to be properly configured by filling in complex configuration options whose meaning is mostly unknown to the average user (and likely to the administrator as well).

A dynamic method capable to provide more timely information about provided services and available PKI resources would be interesting. It would also help in painless rollover between services, e.g. switching from CRLs to OCSP for certificate validation. For instance this would allow PKI management to dynamically choose which services are to be provided based on the faced challenges during infrastructure deployment. We believe that a DNS for PKI resources is something that is missing in current deployments and would be most beneficial to, and welcomed by PKI operators and relying parties.

To address interoperability and trust building issues among separate PKI islands we present a new PKI Resource Query Protocol (PRQP).

In order to report issues or vulnerabilities found in the software, please use the dedicated prqpd-issues -at- openca -dot- org address for private submissions or the PRQPD issues tracker for public issues.