Excerpt from http://www.credentica.com/mit/Chapter1.pdf
It is ironic that digital certificates today are considered by many to be a secure way to provide access to personal data stored in central databases. The practice of looking up data in real time in a central database goes against the philosophy behind digital certificates, which is to allow offline verification of digital signatures. In many PKIs it is a waste of efficiency to use digital certificates in combination with central database lookup; one might as well do away with digital certificates altogether and simply check the validity of public keys in a central database. Indeed, Wheeler and Wheeler and the Accredited Standards Committee X9 for this reason propose a return to the online key repository model of Diffie and Hellman. (This model cannot protect the privacy of certificate holders, though, as we will see later on.) The central database paradigm is even less desirable from the perspective of individuals:
- Individuals can be discriminated a