Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. PKI involves digital certificates which are managed by certificate authorities (CAs) that authenticate users identity, in order to establish encrypted communication channels. The centralized operation model of CAs has already caused several targeted attacks due to the distribution of rogue certificates. Users remain vulnerable since it is too challenging to detect and revoke such certificates, but also to speed up the user update process when a certificate is revoked. To address such issues, a decentralized PKI alternative approach, targeting Domain Validated certificates, is proposed. In the proposed approach, which is based on blockchain technologies (such as Bitcoin and Ethereum), the transparency, immutability and decentralization aspects of these technologies have been leveraged. Comparisons among the proposed approach, the conventional PKI and other decentralized approaches have been implemented to showcase the impact and the potential of the proposed approach.

公钥基础结构（PKI）在Internet上得到广泛使用，以保护和加密各方之间的通信。PKI包含数字证书，数字证书由认证用户身份的证书颁发机构（CA）管理，以建立加密的通信通道。由于恶意证书的分发，CA的集中式操作模型已经引起了几次针对性攻击。用户仍然容易受到攻击，因为检测和吊销此类证书极具挑战性，而且在吊销证书时也要加快用户更新过程。为了解决这些问题，提出了一种针对域验证证书的分散式PKI替代方法。在基于区块链技术（例如比特币和以太坊）的提议方法中，透明性，这些技术的不变性和分散性方面已经得到了利用。已对提议的方法，传统的PKI和其他分散方法进行了比较，以展示提议的方法的影响和潜力。