David Wozny - PKI Bloke (Retired)

White Papers

The two documents presented here are possibly some my best authoring work and give a reasonable idea of the type of work I was engaged in delivering.


PKI Offline CA HSM Best Practices for Thales / nCipher

I was commissioned by Thales e-Security, to author a white paper providing a detailed examination of architectural best practices on deploying \ securing offline certification authorities and hardware security modules.  The paper articulates PKI trade‐offs in security, simplicity, availability and cost.  Click on the link here to download it as I wrote it for Thales: Offline CA Best Practices White Paper​.  After nCipher was spun out of Thales in 2019, the document was reformatted and re-published (by this time I had retired) - you can access it by clicking this link.


​Active Directory Certificate Services (ADCS) for Oxford Computer Group
I was commissioned by ThirdSpace (formerly Oxford Computer Group), the identity and security management specialists for enterprises, to author a white paper which explains PKI at a very high level and describes "how Microsoft does it".  Click on the link here to download it:
ADCS White Paper