Rec. ITU-T X.509 | ISO/IEC 9594-8 (ITU-T X.509) provides the framework for the public-key infrastructure (PKI). ITU-T X509 is one of the more important cybersecurity standards being widely used for securing online banking, e-health, e-government, and lately also used for securing other areas such as the power industry and Internet of Things (IoT). It has served well within countries where trust can be established by a so-called trust anchor trusted by everybody in the PKI domain.

This page describes a proposal for a new public-key infrastructure (PKI) where certification authorities (CAs) and attribute authorities (AAs) are interconnected through a blockchain network to form a decentralized public-key infrastructure (DPKI). By connecting to a blockchain node in the DPKI, a CA may forward public-key certificate information, and an AA may forward attribute certificate information together with status information into the ledger. The certificates (public-key and attribute certificates) are thoroughly validated by the local node and if successfully validated the node forms transactions to be validated by other nodes through a consensus process. Transactions are then formed into blocks to be added to the blockchain and reflected in a DPKI directory also part of the ledger. Data stored in the ledger can be considered genuine, eliminating the need for providing revocation information in other ways. The certificate information in the DPKI directory may be accessed at every node by entities requiring that information.