Subject: RE: [pki-tc] DHS RFI
Anders,

I suspect that DHS is getting roundly pummeled by the comments coming in - we had more than a dozen pages in our own response.

As for your observations, keep in mind that PIV is much more than PKI. It's an identity credential for authentication to both physical and logical resources. The smart card vendors are in high gear to produce the cards. Moreover, Phase I is more about policies and processes - the PIV I cards only need to display FIPS 201 topology to conform and don't have to include anything electronic.

You also need to understand the cultural differences here. Even if you could use a cell phone for logical access (notwithstanding issuance issues), you won't be able to have phones with non-forgeable visual attributes that will be acceptable for guards checking credentials for entry into a building. I'm having visions of everybody walking around federal buildings with cell phones dangling from their necks.

Further, employee unions and contractors will be highly resistive to being required to have a cell phone that conforms to some standard that mandates government controlled capabilities on said device unless the government actually buys them, issues them and pays for any time usage. It would also require the government to buy all new computers that have the default hw/sw you believe will be manufactured in (oh, and require users and contractors working remotely to upgrade as well).

So tell me, which is less expensive? Cell phones and computers for all or a smart card and reader?

Have a good weekend.

Paul Evans
- Working for Booz Allen Hamilton but expressing personal opinion in this message -

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@telia.com]
Sent: Friday, June 17, 2005 5:23 PM
To: Arshad Noor; PKI TC
Subject: Re: [pki-tc] DHS RFI

Arshad,

I got the impression that they left out PIV/HSPD-12 in the *pilot*. That was IMHO a reasonable step as there are not enough PIVs out there to motivate support of these.

Due to the unavailability of readers they will soon also have to adapt the scheme to One Time Passwords (OTPs) as well, in spite of not even being mentioned in the plan. As they say in the Army: When the reality and the map do not match - Stick to the reality!

In Sweden, the last PKI-using bank has finally realized that the unavailability of WebSign standards and readers is a killer (for everybody) and has subsequently introduced "scratch cards". A low-tech, fully mobile, but reasonably secure solution that seems to catch on.

Believe me, PIV, GSI and CAC cards will be obsolete the very moment Uncle Sam has poured the $BNs needed, as any medium-range mobile phone will be able to "dock" to a PC using an NFC/WLAN combo while the mobile CPU itself will have full TPM capability. And all this by using default HW + SW.

It is interesting to note that neither banks nor governments have any representation in TrustedComputingGroup: https://www.trustedcomputinggroup.org/about/members

Yes, we are obviously talking 2010 here, but this is the actual speed of client-side PKI in the US, like it or not. For the org-to-org messaging it is still an open question where it is going.

AndersR

----- Original Message -----
From: "Arshad Noor" <arshad.noor@strongauth.com>
To: "PKI TC" <pki-tc@lists.oasis-open.org>
Sent: Thursday, June 16, 2005 20:35
Subject: [pki-tc] DHS RFI

Here is the RFI that specifically excluded PKI from its Identity Management project - shortsighted in my opinion. Feel free to let your DHS contacts know of the folly of ignoring PKI from its IdMS project. I've already done so.

Arshad Noor
StrongAuth, Inc.

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php