What is lack of trust and non-repudiation in a PKI?
A public key infrastructure (PKI) with inadequate security, especially referencing key management, exposes the organization to loss or disruptions, if the organization cannot legally verify that a message was sent by a specific user.
A PKI built with security and integrity at its core can provide you with legal protection in instances, when user activity is in dispute. The secure digital signature provides irrefutable evidence of the message’s sender as well as the time it was sent, but it is only as defendable as the PKI is strong. By demonstrating that signing keys are adequately protected all the way back to the root key, your organization can withstand any legal challenge about the authenticity of a specific user and their actions.