pki-tc-chair message


Subject: Additional comments (OASIS PKI TC Survey)


Dear Sirs,
This is a short list of PKI obstacles.

1.- The lack of supporting elements, such as smart card support.
    This was a big problem, but with the new USB smart cards,
    such as Schlumberger's e-gate, it is really easy to integrate
    smart cards in PC systems. 
2.- Also very important, though usually not considered, lack of
    software protection. If signing software is not secure, what
    do we want the PKI for? In fact, this problem seriously limits
    the applications of PKIs to internal applications. Some wrongly
    believe that smart cards and other hardware devices can solve
    this problem. However, a smart card only solves the problem of
    protecting the private key during the process of producing the
    signature but cannot guarantee that the signature is computed
    on the document intended by the user.
3.- Interoperability is also very important. I really believe that
    XML will be the natural way to convey certificates, and the
    X.509 group is going in this direction. 
4.- Last but not least (in fact, it is maybe the most important of
    my comments), I think that it is the moment for a change in the
    way certificates are seen. My opinion is that a general form of
    certificates should be deployed, capable of storing any attribute
    about a principal. In this sense, "attribute certificates" are
    defined by X.509v3 (2000 edition) as an alternative to identity
    certificates (and linked to them). 
    I think that a big problem with identity certificates is that it
    is assumed that they have common semantics, but they don't. The
    main problem regarding interoperability of certificates is not
    their syntax but their semantics. Therefore, if we develop a
    general form of certificates and mechanisms to include their
    semantics (instead of having predefined semantics, or definitions
    that are not machine-understandable such as CPS), we will be
    able to make digital certificates usable.
    I have been working on these issues for some time and have developed
    the essentials of the semantic description mechanisms following the
    "semantic web" philosophy. 

I would like to be actively involved in the work of this group if you
think that these ideas can be interesting for your planned work. Please
do not hesitate to contact me if you want more information. I can send
you some papers that we have published about our approach.

Best regards,
Antonio Maña.

-- 
                                                                   ___
       /----------------------------------------------------------/   |
      /            _   ,                                         / /| |
     /   Antonio Mana Gomez             eMail: amg@lcc.uma.es   / / | |
    /                                          amana@acm.org   / /  | |
   /               http://www.lcc.uma.es/~amg                 / /__ | | __
  /----------------------------------------------------------/_//  ||_|/  |
      / Departamento de Lenguajes y Ciencias de la Computacion /   |  /   |
     /        E.T.S.I.Informatica.        Desp. 3.2.7         / /| | / /| |
    /    University of Málaga.         Campus de Teatinos.   / / | |/ / | |
   /                 29071 MALAGA (SPAIN)                   / /__|   /  | |
  /--------------------------------------------------------/_// /|__/   |_|
     /              Phone: (+34) 95 213 71 42                / /  _
    /                Fax: (+34) 95 213 13 97                / /  | |
   /         Alternative  Phone: (+34) 95 213 41 86        / /___| |
  /-------------------------------------------------------/________|


