Loren Kohnfelder

Early Work and the Invention of PKI

Loren Kohnfelder is a computer scientist whose contributions to public key cryptography have had a lasting and foundational impact on how secure communications are structured across the internet. In May 1978, he completed his S.B. (BSCSE) thesis at MIT, titled Towards a Practical Public-Key Cryptosystem. That thesis described a practical means of applying public key cryptography to secure network communications — work that effectively invented what is now known as public key infrastructure, or PKI.

The thesis introduced terminology that has since become standard across the field, including the terms "certificate" and "certificate revocation list." Beyond vocabulary, it established numerous conceptual building blocks that underpin modern PKI implementations. The X.509 certificate specification — which forms the basis for SSL, S/MIME, and the majority of contemporary PKI systems — is rooted in the framework Kohnfelder described in that 1978 thesis.

STRIDE Threat Modeling

In addition to his cryptographic work, Kohnfelder is recognized as the co-creator of the STRIDE model of security threats, developed alongside Praerit Garg. STRIDE is a structured framework used in threat modeling to identify and categorize potential security threats across software systems. The model has been widely adopted in the security industry as a practical tool for reasoning about attack surfaces and system vulnerabilities during the design phase of software development.

Writing and Publication

In 2021, Kohnfelder published Designing Secure Software through No Starch Press. The book addresses principles and practices for building security into software from the ground up, reflecting his decades of engagement with both the theoretical and applied dimensions of computer security.

Legacy

Kohnfelder's 1978 thesis represents one of the earliest and most consequential practical treatments of public key cryptography. The infrastructure concepts he articulated — certificates, revocation lists, and the broader PKI model — are now embedded in virtually every secure online transaction, from web browsing over HTTPS to encrypted email. His work on STRIDE has similarly shaped how security practitioners approach threat analysis, making his contributions influential across both cryptographic theory and applied security engineering.