Subject: Re:[pki-tc] PKI-TC charter issue
Hi Stephen,

I only addressed digital signatures in the most prevalent environment of all, not other possible PKI problems and misconceptions we may face. Since you have ties to the Asian PKI community, can you give us any information on how this part of the world addresses "Web Sign"?

Regarding the other things you write about, I (for those who have the time to read) comment on this inline below.

thanx,
Anders Rundgren

>I don't see things as bleakly as you do apparently.

I'm a realist. In spite of the problems, 7% of the Swedish population use digital signatures and PKI on a regular basis. That's probably a world record (per capita). But frankly those solutions stink as they are non-mobile, use NDA-protected signature plugins, and are due to their "soft" nature hardly more secure than static passwords.

<snip>

>The main impediments to PKI to date I think are as follows:
>(1) people misunderstood that PKI is really only well suited (or uniquely
>suited shall we say) to signature applications (i.e. paper-like
>transactions) with multiple relying parties, with rather long lifetimes.

I would put it differently. PKI is the only technology that is suited for digital signatures but signatures are (in the client context NB) in fact entirely optional.

>(2) people aimed for a one size fits all, general purpose identifier, when
>in fact, in paper-like e-business, we use multiple identities/credentials.

This sounds like an EU idea and has indeed failed. Except when RPs are government agencies in a country where there is a working citizen ID. Like in Sweden.

>Therefore, some of the dead-ends of PKI have included Big Bang electronic
>passport types of business models,

Don't know exactly what you are referring to here.

>e-business exchanges,

That was a really bad idea but I don't think we agree on why!

>internet banking,

I would be very interested to know why internet banking is not suited for PKI. All banks in the EU want to use PKI. The reason they usually don't is the same reason as why private enterprises don't: Where is the reader? There are other reasons as well, like the fact that on-line provision is the norm but still very badly handled by browser vendors (no standards).

>and person-to-person e-mail.

See e-business exchanges.

(3) added: PKI specialists' fixation with end-to-end security in spite of the fact that it is impossible to launch without taking down every app there is and reworking not only the SW but the business processes as well (usually by adjusting the "business logic" as this layer is in conflict with the client/user as the only authority).

<snip>

/a