[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pki-tc] Fwd: PKI SC Status Reports Due Today
Arshad, I look forward to hearing the outcome of your research, including any suggestions you may have for addressing the problem of digital signature standardization. Anders, giving certs to servers and organizations is common practice with today's X.509 PKIs. Issuing certs to end-users is different, as you say. If you feel that there are barriers to server or domain PKI, could you describe them? Note that I have read your paper at http://w1.181.telia.com/~u18116613/pki4org.pdf Thanks, Steve Anders Rundgren wrote: > Arschad, > > >>I've come to the realization that the single biggest >>difficulty is the ability to digitally sign a transaction in a >>web-application in a standardized way. > > > Absolutely. But as I mentioned a year ago the whole concept of web- > signatures is essentially unknown in the world of standards organizations: > http://lists.oasis-open.org/archives/pki-tc/200311/msg00000.html > > >>If you talk to a developer long enough, they will explain many different >>ways that one can solve this problem, but none that are standardized. > > > Agreed. Apart from the fact that there are no web-signature standards, > there is also this other little problem known as end-2-end security. > If applied to e-commerce, you end up with awkward schemes like > having to sign (and thus display) EDI data in the client environment. > In non-PKI systems, EDI messages are created at server-level which > scales much better and is compatible with browsers and the web. > But doing that leaves server-PKI as the only viable option for signing > outgoing business messages. The consequences of such schemes > are very far-fetching, but IMHO about 99% of these are just good. > > Note though that such schemes are principally different to the US > federal PKI architecture which is rooted in S/MIME. > > Anders Rundgren > PKI Architect etc. > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]