Subject: Re: [pki-tc] Fwd: PKI SC Status Reports Due Today
Arschad,

>I've come to the realization that the single biggest
>difficulty is the ability to digitally sign a transaction in a
>web-application in a standardized way.

Absolutely. But as I mentioned a year ago the whole concept of web-signatures is essentially unknown in the world of standards organizations:
http://lists.oasis-open.org/archives/pki-tc/200311/msg00000.html

>If you talk to a developer long enough, they will explain many different
>ways that one can solve this problem, but none that are standardized.

Agreed. Apart from the fact that there are no web-signature standards, there is also this other little problem known as end-2-end security. If applied to e-commerce, you end up with awkward schemes like having to sign (and thus display) EDI data in the client environment. In non-PKI systems, EDI messages are created at server-level which scales much better and is compatible with browsers and the web. But doing that leaves server-PKI as the only viable option for signing outgoing business messages.

The consequences of such schemes are very far-fetching, but IMHO about 99% of these are just good. Note though that such schemes are principally different to the US federal PKI architecture which is rooted in S/MIME.

Anders Rundgren
PKI Architect etc.