[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Signautures: [pki-tc] Was: On Anders Rundgren's PKI ROI thoughts
>From: swilson@galexia.com.au [mailto:swilson@galexia.com.au] >I defintely agree that #3 represents the strongest for return on >investment. There are whole classes of paper-like e-business which you >wouldn't dare conduct without the safety of persistent digital >signatures. I don't think these applications are inherently confined to >the public sector, although this is indeed where the action is right now. Although I principally agree, the ability to sign documents or transactions in a web environment is actually 100% vendor-defined. "Vendor" does in this context not refer to browser/OS vendors but to various security ISVs, consultants, and in-house suppliers. That is, in spite of decades of talks about digital signatures, we still don't have the means to do it in a cost-efficient fashion, and particularly not in an _interoperable_ way. That signed e-mail is standard is all and well but this is not where the action is today. The only browser vendor that have expressed any interest in this matter is Microsoft, but unfortunatly they want to do it on their own and only support it in "Longhorn". I'm less convinced that this is what e-governments and on-line banks are looking for, as they are in no position to convert their entire user-base into using a single operating system no matter how good it might be. So for now, PKI is (on a wider scale) effectively limited to providing "strong authentication". It is worth noting though that there are other and less complex means to obtain this in a web environment, here thinking of One Time Passcode systems which have the tremendous advantage of not requiring any additional client software or readers. regards Anders Rundgren
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]