[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Your PKI-TC input
Jean, I got the message you sent to the PKI-TC. I still think that we (the PKI experts), have a lot of things to cater for before we can "sell" PKI to the world in a big way. Local PKIs works AFAIK quite well, it is rather when we talk about organization-to-organization messaging that I at least feel that things break down a bit. IMHO the PKI dogma that says that digital signatures and certificates primary are for replacing legally binding handwritten signatures is the primary culprit for this mess. Roughly 100% of existing high-value and high-volume EDI-style B2B and bank-to-bank transactions are authenticated at the business partner level through the use of leased lines, shared secrets, VPNs etc. As long as we. the PKI community, continue to ignore this fact, and update our visions accordingly, costs will be prohibitive, interoperability "suck", and results be pretty marginal. Even the EU have recently acknowledged that "signing legal entities" is a necessity. Particularly for automated processes where no individual may be involved. Invoicing is a major such activity. But if this "works" for invoices shouldn't it also "work" for purchase orders etc? Certainly! And voila, an entirely new PKI is born! I'm very pleased to see that several European e-governments are actually building IT-architectures secured by PKI, but separating PKIs for G2G transactions from PKIs for C2G. Regarding what is legally binding, I believe *anything* that constitutes a strong technical evidence, is likely to end-up as applicable in a court of law. 10 years ago DNA didn't make it, today it does. Anders Rundgren
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]