Subject: Re: [pki-tc] Notes from last week's HEPKI-TAG call
Some comments to this...

>* With web-based PKI, there's no way to force the
> user to reauthenticate. That's a problem if the
> user has walked away from their desk, leaving
> their smart card or soft token activated.

Adding another problem with web-based PKI: AFAIK web-based signing, in spite of being a much needed feature for on-line activities, is not even a standards task. Every bank and e-government therefore has to deploy its own unique or purchased signature plugin.

Yet another problem with web-based PKI: It seems that the standards used for on-line certification suffer from a real-world disconnect as well as being non-standard. Microsoft's Xenroll is a non-portable solution. I'm puzzled that nobody digs into this as on-line certification schemes are the only thing that scales. The real-world disconnect is that in all *real* certification schemes for individuals the *provider* wants to control every parameter it can.

BTW, if somebody is interested in this area I'm interested in doing something here!

>* Applications should use the PKI support that's built
> into the operating system. Then they'll get smart card
> support automatically.

AFAIK none of the major leading or obscure vendors of PKI-enabled cards have donated support to Windows.

Anders