OASIS Mailing List Archives

pki-tc message



Subject: Re: [pki-tc] Fwd: PKI SC Status Reports Due Today


Arshad, I look forward to hearing the outcome
of your research, including any suggestions you
may have for addressing the problem of digital
signature standardization.

Anders, giving certs to servers and organizations
is common practice with today's X.509 PKIs. Issuing
certs to end-users is different, as you say. If you
feel that there are barriers to server or domain PKI,
could you describe them? Note that I have read your
paper at http://w1.181.telia.com/~u18116613/pki4org.pdf

Thanks,

Steve

Anders Rundgren wrote:

> Arshad,
> 
> 
>>I've come to the realization that the single biggest 
>>difficulty is the ability to digitally sign a transaction in a 
>>web-application in a standardized way.
> 
> 
> Absolutely.  But as I mentioned a year ago the whole concept of web-
> signatures is essentially unknown in the world of standards organizations:
> http://lists.oasis-open.org/archives/pki-tc/200311/msg00000.html
> 
> 
>>If you talk to a developer long enough, they will explain many different 
>>ways that one can solve this problem, but none that are standardized.
> 
> 
> Agreed.  Apart from the fact that there are no web-signature standards,
> there is also this other little problem known as end-2-end security.
> If applied to e-commerce, you end up with awkward schemes like
> having to sign (and thus display) EDI data in the client environment. 
> In non-PKI systems, EDI messages are created at server-level which
> scales much better and is compatible with browsers and the web.
> But doing that leaves server-PKI as the only viable option for signing
> outgoing business messages.  The consequences of such schemes
> are very far-reaching, but IMHO about 99% of these are just good.
> 
> Note though that such schemes are principally different to the US
> federal PKI architecture which is rooted in S/MIME.
> 
> Anders Rundgren
> PKI Architect etc.