Inferensys

Glossary

Public Key Infrastructure (PKI)

A comprehensive framework of roles, policies, hardware, and software required to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption for secure agent identity verification.
Developer demonstrating multi-agent tool use, agent tool selection interface on laptop, casual tech demo moment.
CRYPTOGRAPHIC TRUST FRAMEWORK

What is Public Key Infrastructure (PKI)?

The foundational system for establishing digital trust and identity in agentic communication networks.

Public Key Infrastructure (PKI) is a comprehensive framework of roles, policies, hardware, and software used to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It binds public keys to the verified identities of entities—such as autonomous agents, services, or users—through a trusted Certificate Authority (CA) , enabling secure, authenticated communication across untrusted networks.

In agentic systems, PKI underpins Zero Trust Architecture (ZTA) by enabling mutual TLS (mTLS) and workload identity verification without shared secrets. A compromise of the CA trust anchor, however, represents a catastrophic failure mode, allowing adversaries to issue fraudulent certificates and execute seamless agent impersonation attacks across the entire trust domain.

CRYPTOGRAPHIC TRUST INFRASTRUCTURE

Core Components of PKI for Agentic Security

The foundational systems that enable autonomous agents to verify identity, encrypt communications, and establish trust without shared secrets in zero-trust architectures.

01

Certificate Authority (CA) Hierarchy

A trust chain where root CAs issue certificates to intermediate CAs, which in turn issue leaf certificates to agents and services. This hierarchical delegation enables scalable trust without requiring every agent to directly trust every other agent.

  • Root CA: Offline, air-gapped, highest trust anchor
  • Issuing CA: Online, issues short-lived agent certificates
  • Registration Authority (RA): Vets agent identity before certificate issuance

In agentic systems, a compromised intermediate CA can be selectively revoked without invalidating the entire infrastructure, a critical property for blast radius containment.

RFC 5280
X.509 Standard
02

X.509 Digital Certificates

The standard format for binding a public key to an agent's identity through a CA's digital signature. Each certificate contains:

  • Subject Distinguished Name (DN): Agent's unique identifier
  • Subject Alternative Name (SAN): Additional identities like SPIFFE URIs
  • Validity Period: Not-before and not-after timestamps
  • Key Usage Extensions: Constraints on what the key can do (signing, encryption)

For agentic security, short-lived certificates (minutes to hours) eliminate the need for certificate revocation lists in dynamic environments where agents spin up and down rapidly.

ASN.1 DER
Encoding Format
03

Certificate Revocation Mechanisms

Systems for invalidating certificates before their natural expiration when an agent is compromised or decommissioned:

  • Certificate Revocation List (CRL): A periodically published list of revoked certificate serial numbers, signed by the issuing CA
  • Online Certificate Status Protocol (OCSP): Real-time revocation status queries, avoiding CRL download overhead
  • OCSP Stapling: The server includes a time-stamped OCSP response in the TLS handshake, eliminating client-side OCSP lookups

In agent mesh networks, OCSP stapling is preferred because it preserves agent privacy (the CA doesn't learn which agents are communicating) while providing real-time revocation.

RFC 6960
OCSP Standard
04

Certificate Enrollment Protocols

Automated mechanisms for agents to request and obtain certificates without manual intervention:

  • ACME (Automated Certificate Management Environment): The protocol behind Let's Encrypt, now adapted for internal PKI with ACME for Enterprise
  • SCEP (Simple Certificate Enrollment Protocol): Legacy protocol using challenge passwords for initial authentication
  • EST (Enrollment over Secure Transport): Uses existing TLS mutual authentication for certificate issuance, ideal for agents that already possess an initial identity

For agentic systems, EST with initial bootstrap tokens enables zero-touch provisioning where new agents automatically obtain workload identities upon deployment.

RFC 8555
ACME Standard
05

Certificate Transparency (CT)

An append-only, cryptographically assured public log of all issued certificates, designed to detect mis-issuance by compromised or rogue CAs:

  • Log Servers: Maintain Merkle tree-structured ledgers of certificates
  • Signed Certificate Timestamps (SCTs): Proof that a certificate has been logged
  • Monitors: Continuously scan logs for unauthorized certificates claiming agent identities

In agentic security, CT monitoring provides domain protection by alerting when any CA issues a certificate for an agent's SPIFFE ID or DNS name, enabling rapid detection of CA compromise or impersonation attempts.

RFC 6962
CT Standard
06

Key Lifecycle Management

The end-to-end governance of cryptographic key material throughout its existence:

  • Key Generation: Using hardware entropy sources within HSMs or TPMs, never software-only RNGs
  • Key Storage: Private keys never leave the secure enclave; operations occur within the hardware boundary
  • Key Rotation: Automated periodic replacement of agent keys with overlap periods to prevent authentication gaps
  • Key Destruction: Cryptographic erasure through secure zeroization of HSM memory

For autonomous agents, automated rotation with grace periods ensures that in-flight transactions complete successfully while old keys are phased out, preventing service disruption during security operations.

NIST SP 800-57
Key Management Guidelines
PKI FUNDAMENTALS

Frequently Asked Questions

Clear, technically precise answers to the most common questions about Public Key Infrastructure, certificate authorities, and trust chains in agentic systems.

Public Key Infrastructure (PKI) is a comprehensive framework of roles, policies, hardware, software, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It binds public keys to verified identities through a trusted hierarchy.

At its core, PKI operates on asymmetric cryptography, where each entity possesses a mathematically linked key pair:

  • Private key: Kept secret, used for signing and decryption
  • Public key: Freely distributed, used for verification and encryption

The Certificate Authority (CA) serves as the trusted third party that vouches for the binding between a public key and an identity by issuing an X.509 digital certificate. This certificate contains the subject's identity, public key, validity period, and the CA's digital signature. When Agent A receives Agent B's certificate, it validates the CA's signature using the CA's own public key, establishing a chain of trust that extends from a trusted root CA through intermediate CAs to the end-entity certificate. In agentic systems, this prevents agent impersonation attacks by ensuring every autonomous agent presents cryptographically verifiable identity credentials before establishing communication.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.