The function of a public key infrastructure (PKI) is to ensure secure delivery and management of public keys. Alternative trust models lead to different key architectures.
Public keys are published by means of digitally signed certificates.
A private key may be compromised, in which case the certificate containing the corresponding public key must be revoked. Many revocation methods are in current use. Publication of Certificate Revocation Lists (CRLs) and checking with an Online Certificate Status Protocol (OCSP) responder are the best established.