PRQP aims to improve interoperability and usability among PKIs by helping to find the services and data repositories associated with a CA.
With the deployment of new applications and services, the need to access PKI resources provided by different organizations is critical.
In PKIs there are three other primary methods for clients to obtain pointers to PKI data: adopting specific certificate extensions; looking at easily accessible repositories (e.g. DNS, local database, etc.
The Subject Information Access extension can carry a URI to point to certificate repositories and timestamping services.
Indeed, to modify or add extensions so that users and applications become aware of new services, or of their dismissal, the certificate must be re-issued.
As defined in RFC 2782, the introduction of this type of record allows administrators to perform operations rather similar to the ones needed to solve the problem PRQP addresses, i.e. an easily configurable PKI discovery service.
The returned record contains information on the priority, the weight, the port and the target for the service in that domain.
In fact, it is extremely difficult for a client to map digital certificates to DNS records, because the DC format is not widely adopted by existing CAs.
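The record fields and the DC mapping problem described above, as an added example that is not code from the PRQP project: it derives a DNS domain from a certificate DN, returns nothing when the DN carries no DC attributes, and decodes and orders RFC 2782 record data. The `_ocsp` service label, the function names, and all DNs and hosts are assumptions constructed for illustration.

```python
import struct

def domain_from_dn(dn):
    """Join the DC attributes of an RFC 4514 DN string into a DNS domain, or
    return None if there are none. Simplification: escaped commas unsupported."""
    labels = []
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "DC" and value.strip():
            labels.append(value.strip().lower())
    return ".".join(labels) if labels else None

def srv_query_name(dn, service="_ocsp", proto="_tcp"):
    """RFC 2782 owner name _service._proto.domain; the service label is assumed."""
    domain = domain_from_dn(dn)
    return f"{service}.{proto}.{domain}" if domain else None

def parse_srv_rdata(rdata):
    """Decode priority, weight, port (16-bit big-endian) and the target labels."""
    if len(rdata) < 7:
        raise ValueError("SRV RDATA too short")
    priority, weight, port = struct.unpack("!HHH", rdata[:6])
    labels, i = [], 6
    while i < len(rdata) and rdata[i] != 0:
        n = rdata[i]
        if n > 63 or i + 1 + n > len(rdata):
            raise ValueError("bad label length")
        labels.append(rdata[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    if i >= len(rdata):
        raise ValueError("target name not terminated")
    return {"priority": priority, "weight": weight, "port": port,
            "target": ".".join(labels)}

def order_targets(records):
    """Lowest priority first. RFC 2782 uses weighted random choice within a
    priority; descending weight is used here to keep the result deterministic."""
    return sorted(records, key=lambda r: (r["priority"], -r["weight"]))

# Constructed sample data (not real CAs or hosts).
DN_WITH_DC = "CN=Example CA,DC=example,DC=com"
DN_WITHOUT_DC = "CN=Example CA,O=Example Inc,C=US"
SAMPLE_RDATA = [
    struct.pack("!HHH", 20, 0, 80) + b"\x06backup\x07example\x03com\x00",
    struct.pack("!HHH", 10, 60, 8080) + b"\x04pki1\x07example\x03com\x00",
    struct.pack("!HHH", 10, 40, 8080) + b"\x04pki2\x07example\x03com\x00",
]
```

A DN without DC attributes yields no query name at all, so a client holding such a certificate has no domain to look up.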