SecAppDev 2025 lecture details

PKI and eIDAS

This talk covers PKI technologies, their role in web security, key failures and fixes (e.g., EV, pinning, transparency), and the impact of eIDAS 2.0 on EU PKI services and upcoming European Digital Identity Wallets.

Download handouts
Wednesday June 4th, 09:00 - 10:30
Room Lemaire
Abstract

This talk describes PKI technologies and explains how they are integrated in the web ecosystem. It also covers a history of security failures and attempts to resolve them (examples: extended validation, certificate pinning, certificate transparency). The eIDAS 2.0 regulation (approved in May 2024) has introduced new rules for PKI services in the EU, including strong powers for EU member states to interfere with their operation. It has also set out the rules for the European Digital Identity Wallets that should go live by November 2026.

Key takeaway

PKI is a core technology that are essential to secure large open systems; surprisingly, it is technically complex and presents governance challenges.

Content level

Introductory

Target audience

Anyone who wants to learn how modern PKI works and what the challenges are

Prerequisites

None

Join us for SecAppDev. You will not regret it!

Bart Preneel
Bart Preneel

Full professor, COSIC - University of Leuven

Expertise: Applied cryptography, privacy, cybersecurity policy

More details

Join us for SecAppDev. You will not regret it!

Related lectures

SecAppDev offers the most in-depth content you will find in a conference setting