PKI is becoming a very popular security infrastructure in today’s world. PKI is already being used in signing electronic documents, signing and encrypting emails, securing instant messages, and smart cards, and it is emerging into the IoT market. Smart cards and IoT devices have already been touched upon, but one application of PKI that did not immediately come to mind for me is the signing and encrypting of emails. Phishing emails are a very common way of infiltrating a system, and they can often be very sophisticated. Often the address of the sender is spoofed to look like someone very trustworthy, but in reality that person did not send the email. With PKI encryption, recipients are able to confirm that the sender is actually who they say they are, and this can tighten security against phishing emails.

Certificate management seems to be an issue with PKI because trust needs to be placed in the hands of one CA. Why is that CA so trusted in the core security of PKI data transfer? What makes that CA an authority? Also, what happens when a certificate needs to be revoked? The CAs have so much power that if their private key were compromised, it would compromise the security of all data with that certificate. Because the security of the system lies mainly in the hands of certificates granted by CAs, there is a very clear target for attacks.

I want to take a reach and speculate on the future of PKI in terms of certificate management. PKI utilizes CAs to authenticate and sign certificates, but if PKI becomes the most widely used and popular infrastructure, and a few companies take hold of the CA market, what is to stop them from either charging too much or charging premiums for faster authentication? It may be a possibility that CA providers could end up just like our ISPs are now, essentially doing whatever they want. CA providers could have the power to slow down authentications and bog down services.

This is only the case, however, if our society relies on PKI security just as we rely on our internet today. I’m not sure I truly believe this theory myself, and maybe I think that CA providers have more power than they actually do, but I am curious if other people think this future is a possibility.