OASIS Mailing List Archives

pki-tc message



Subject: Re: [pki-tc] Notes from last week's HEPKI-TAG call


Some comments to this...

>* With web-based PKI, there's no way to force the
>  user to reauthenticate. That's a problem if the
>  user has walked away from their desk, leaving
>  their smart card or soft token activated.

Adding another problem with web-based PKI:
AFAIK web-based signing, in spite of being a much needed
feature for on-line activities, is not even a standards task.
Every bank and e-government therefore has to deploy its
own unique or purchased signature plugin.

Yet another problem with web-based PKI:
It seems that the standards used for on-line certification suffer
from a real-world disconnect as well as being non-standard.
Microsoft's Xenroll is a non-portable solution.  I'm
puzzled that nobody digs into this as on-line certification
schemes are the only thing that scales.  The real-world
disconnect is that in all *real* certification schemes for
individuals the *provider* wants to control every parameter
it can.  BTW, if somebody is interested in this area I'm
interested in doing something here!

>* Applications should use the PKI support that's built
>  into the operating system. Then they'll get smart card
>  support automatically.

AFAIK none of the major leading or obscure vendors
of PKI-enabled cards have donated support to Windows.

Anders


