I was recently speaking to a PKI vendor, and they compared PKI to the red-headed stepchild of security. I find this interesting because of how prevalent and important PKI is to security in general. Of course, I totally understood the analogy: it is perceived as an area that most folks do not want to be around, as it is a hard one to wrap your head around and at times even seems a bit counter-intuitive.
One critical and interesting aspect of PKI is that it can be both extremely secure and, at the same time, extremely insecure. It is no surprise, then, that most companies implement PKI for the extreme security it offers, but due to bad implementation, overall security is reduced as a result.
With this in mind, I will explain PKI in simple terms, translating the more complex terms along the way. I will also explain the pitfalls and why most implementations end up exposing the company more than no implementation at all.