askwiki
Why do commercial certificate authorities have no role in SPKI/SDSI?

OpenAI's Answer

SPKI/SDSI (Simple Public Key Infrastructure/Simple Distributed Security Infrastructure) is a framework designed for managing public keys and certificates in a decentralized manner. The primary reason commercial certificate authorities (CAs) have no role in SPKI/SDSI is the fundamental difference in how trust and identity are managed compared to traditional Public Key Infrastructure (PKI) systems.

  1. Decentralized Trust Model: SPKI/SDSI operates on a decentralized trust model, where trust is established through direct relationships and local naming rather than relying on a centralized authority. In this model, users can create and manage their own certificates and define their own trust relationships without needing a third-party CA to validate identities.

  2. Local Namespaces: SPKI/SDSI uses local namespaces, allowing users to define names within their own context. This contrasts with the global namespace approach used by traditional PKI, where CAs issue certificates that bind a public key to a globally recognized identity.

  3. Simplified Certificate Structure: The certificates in SPKI/SDSI are simpler and focus on authorization rather than authentication. They are designed to specify what actions a key holder is authorized to perform, rather than proving the identity of the key holder.

  4. User-Centric Control: SPKI/SDSI empowers users to have more control over their security policies and trust decisions. This user-centric approach reduces the need for a centralized authority to mediate trust.

Because of these characteristics, SPKI/SDSI does not require the involvement of commercial CAs, which are typically used in traditional PKI systems to provide a trusted third-party validation of identities. Instead, SPKI/SDSI emphasizes direct trust relationships and local control over security policies.
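
The authorization-centred, CA-free model described above can be seen in how a verifier evaluates a certificate chain. The following is an added example, not part of the answer: it sketches the 5-tuple reduction of RFC 2693, assuming signatures have already been checked, with the authorization tag simplified to a set of operation names and with constructed key names standing in for public-key hashes.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence, Tuple

SELF = "Self"  # RFC 2693 marker: issuer of the verifier's own ACL entries


@dataclass(frozen=True)
class FiveTuple:
    issuer: str                 # key (hash) that granted the right, or SELF
    subject: str                # key (hash) that receives the right
    delegate: bool              # may the subject pass the right on?
    tag: FrozenSet[str]         # simplified authorization tag: set of allowed ops
    validity: Tuple[int, int]   # (not_before, not_after), seconds since epoch


def reduce_pair(a: FiveTuple, b: FiveTuple) -> Optional[FiveTuple]:
    """Compose two adjacent 5-tuples, or return None if they do not chain."""
    if a.subject != b.issuer or not a.delegate:
        return None
    tag = a.tag & b.tag  # rights can only narrow along the chain
    start, end = max(a.validity[0], b.validity[0]), min(a.validity[1], b.validity[1])
    if not tag or start > end:
        return None
    return FiveTuple(a.issuer, b.subject, b.delegate, tag, (start, end))


def authorized(chain: Sequence[FiveTuple], requester: str, op: str, now: int) -> bool:
    """True if the chain, rooted in the verifier's own ACL, grants op to requester."""
    if not chain or chain[0].issuer != SELF:
        return False  # trust starts at the verifier's ACL, not at a third-party CA
    result = chain[0]
    for nxt in chain[1:]:
        result = reduce_pair(result, nxt)
        if result is None:
            return False
    lo, hi = result.validity
    return result.subject == requester and op in result.tag and lo <= now <= hi


# Constructed sample data: key names stand in for public-key hashes.
ACL = FiveTuple(SELF, "K_alice", True, frozenset({"read", "write"}), (0, 2_000))
TO_BOB = FiveTuple("K_alice", "K_bob", False, frozenset({"read"}), (100, 5_000))
TO_CAROL = FiveTuple("K_bob", "K_carol", False, frozenset({"read"}), (100, 5_000))
```

The chain is accepted only when it starts at an entry the verifier wrote itself, which is why no externally trusted root appears anywhere in the evaluation.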


©2024 AskWiki.Ai