OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Call for input: Asia PKIF Forum Panel Discussion


Dear All

The next meeting of the Asia PKI Forum (Taipei, September 13-15) features 
a panel discussion about PKI in the "ubiquitous network".  I will be 
speaking on the panel.  This e-mail is to invite input from the TC on this 
topic. 

Attached is the panel background.  I will also upload the conference 
program to the TC pages, for further information. 

As you can see, there is a certain emphasis on privacy and cybercrime.  I 
happen to have been working extensively on these topics in the past 12 
months, and I have also developed various views about embedded/automated 
client side PKI.  So my initial thoughts about the panel discussion are 
listed below.  

However, I would like to make sure that my presentation is reflective of 
the PKI TC.  So please let me have your thoughts too. 


-- NIST and others have concluded that the only way to prevent Man In The 
Middle attack (a major new vector for phishing and id crime) is PKI-
enabled smartcards.  This is a major indicator of the requisite widespread 
use of PKI and smartcards to protect privacy and combat cyber crime. 

-- Further, PKI offers ways to mask identities via anonymous digital 
certificates in order to deidentify such transactions as electronic health 
records, e-voting, online census collection etc. 

-- A major trend in PKI deployment worldwide is embedded digital 
certificates, whereby the technology is no more complex for users than are 
magnetic stripes on regular plastic cards.  Examples include EMV 
smartcards, e-passports, national identity cards, national health 
entitlement cards, and set-top cable TV boxes.  

-- Smartcards (and related mobile devices like cell phones and PDAs) can 
function as containers for multiple digital credentials.  This means that 
PKI need not lead to a single digital identity, and therefore PKI can be 
fundamentally privacy-enhancing.  


Comments are welcome!  If anyone is interested, further details on some of 
these thoughts are at 
http://www.lockstep.com.au/library/ehealth/a_novel_application_of_pki_sm
and
http://www.lockstep.com.au/library/privacy/submission_to_the_2005_senate


Cheers, 

Stephen.


Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert 
Stephen Wilson, to provide independent advice and analysis on cyber 
security policy, strategy, risk management, and identity management.  
Lockstep is also developing unique new smartcard solutions to address 
privacy and identity theft.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]