Subject: Re: [pki-tc] Fwd: PKI SC Status Reports Due Today
Steve,

>Anders, giving certs to servers and organizations
>is common practice with today's X.509 PKIs. Issuing
>certs to end-users is different, as you say. If you
>feel that there are barriers to server or domain PKI,
>could you describe them? Note that I have read your
>paper at http://w1.181.telia.com/~u18116613/pki4org.pdf

I probably have a somewhat black-and-white view of PKI....

The "barrier" I see is that by having servers do the signing, most of the motivation behind exposing client-side PKI and associated directories, roots, and policies outside of an organization disappears. Essentially you separate internal and external security and let these two things develop on their own.

On-line banks would IMHO hardly have 100M+ users if client-security in one bank would spill over to all other banks. That's at least my thesis FWIW.

To not unnecessarily polarize things, I have recently begun to play with schemes that unite these diverging PKI models, hopefully bringing out the best of both worlds. Or maybe it is just twice as hard? :-)

Anyway, such a scheme has been submitted as a possible PKI Workshop 2005 item.

thanx
Anders R