Cyber-attacks are becoming more common against Internet users due to the increasing dependency on online communication in their daily lives. X.509 Public-Key Infrastructure (PKIX) is the most widely adopted and used system to secure online communications and digital identities. However, different attack vectors exist against the PKIX system, which attackers exploit to breach the security of the reliant protocols. Recently, various projects (e.g., Let’s Encrypt and Google Certificate Transparency) have been started to encrypt online communications, fix PKIX vulnerabilities, and guard Internet users against cyber-attacks. This survey focuses on classical PKIX proposals, certificate revocation proposals, and their implementation on blockchain as well as ledger technologies. First, we discuss the PKIX architecture, the history of the World Wide Web, the certificate issuance process, and possible attacks on the certificate issuance process. Second, a taxonomy of PKIX proposals, revocation proposals, and their modern implementation is provided. Then, a set of evaluation metrics is defined for comparison. Finally, the leading proposals are compared using 15 evaluation metrics and 13 cyber-attacks before presenting the lessons learned and suggesting future PKIX and revocation research.

中文翻译：

---

X.509 公钥基础设施、证书吊销及其在区块链和账本技术上的现代实施的调查

由于互联网用户在日常生活中越来越依赖在线通信，网络攻击变得越来越普遍。X.509 公钥基础设施 (PKIX) 是最广泛采用和使用的系统，用于保护在线通信和数字身份。然而，针对 PKIX 系统存在不同的攻击媒介，攻击者利用这些攻击媒介来破坏依赖协议的安全性。最近，各种项目（例如 Let's Encrypt 和 Google Certificate Transparency）已经启动，以加密在线通信、修复 PKIX 漏洞并保护互联网用户免受网络攻击。本次调查重点关注经典的 PKIX 提案、证书撤销提案及其在区块链和账本技术上的实施。首先，我们讨论 PKIX 架构、万维网的历史、证书颁发过程以及证书颁发过程可能受到的攻击。其次，提供了 PKIX 提案、撤销提案及其现代实施的分类。然后，定义一组评估指标以进行比较。最后，使用 15 个评估指标和 13 个网络攻击对主要提案进行比较，然后介绍经验教训并建议未来的 PKIX 和撤销研究。