Subject: Additional comments (OASIS PKI TC Survey)
Dear Sirs,

This is a short list of PKI obstacles.

1.- The lack of supporting elements, such as smart card support. This was a big problem, but with the new USB smart cards, such as Schlumberger's e-gate, it is really easy to integrate smart cards in PC systems.

2.- Also very important, though usually not considered, lack of software protection. If signing software is not secure, what do we want the PKI for? In fact, this problem seriously limits the applications of PKIs to internal applications. Some wrongly believe that smart cards and other hardware devices can solve this problem. However, a smart card only solves the problem of protecting the private key during the process of producing the signature but cannot guarantee that the signature is computed on the document intended by the user.

3.- Interoperability is also very important. I really believe that XML will be the natural way to convey certificates, and the X.509 group is going in this direction.

4.- Last but not least (in fact, it is maybe the most important of my comments), I think that it is the moment for a change in the way certificates are seen. My opinion is that a general form of certificates should be deployed, capable of storing any attribute about a principal. In this sense, "attribute certificates" are defined by X.509v3 (2000 edition) as an alternative to identity certificates (and linked to them). I think that a big problem with identity certificates is that it is assumed that they have common semantics, but they don't. The main problem regarding interoperability of certificates is not their syntax but their semantics. Therefore, if we develop a general form of certificates and mechanisms to include their semantics (instead of having predefined semantics, or definitions that are not machine-understandable such as CPS), we will be able to make digital certificates usable.

I have been working on these issues for some time and have developed the essentials of the semantic description mechanisms following the "semantic web" philosophy. I would like to be actively involved in the work of this group if you think that these ideas can be interesting for your planned work.

Please, do not hesitate to contact me if you want more information. I can send you some papers that we have published about our approach.

Best regards,
Antonio Maña.

--
Antonio Mana Gomez
eMail: amg@lcc.uma.es, amana@acm.org
http://www.lcc.uma.es/~amg
Departamento de Lenguajes y Ciencias de la Computacion
E.T.S.I.Informatica. Desp. 3.2.7
University of Málaga. Campus de Teatinos.
29071 MALAGA (SPAIN)
Phone: (+34) 95 213 71 42
Fax: (+34) 95 213 13 97
Alternative Phone: (+34) 95 213 41 86

------------------------------------------------------
Message sent from the Mail Server of the Departamento de Lenguajes y Ciencias de la Computacion of the Universidad de Malaga
------------------------------------------------------