
Subject: Re: [pki-tc] Call for input: Asia PKIF Forum Panel Discussion


Stephen,

We probably all have our own agendas so I cannot really ask for
you to run my take on the PKI business, which is essentially saying
that securing the enterprise and securing enterprise-2-enterprise
information exchange are two separate issues that IMHO benefit from
being separated.

In Asia they have apparently bought into the end-to-end security model.

But every financial institution has a different security solution for backend
bank-2-bank transactions (like SWIFT) than they have for their employees.

=================================================
My blunt question is simply: Do the Asian PKI people believe that banks
have gotten this wrong and should change to full end-to-end security?
=================================================

In fact I think this question might as well be answered by the PKI-TC members
as it in its simplicity actually holds the blueprint to the PKI of the future. 

regards
Anders

----- Original Message ----- 
From: "Stephen Wilson" <swilson@lockstep.com.au>
To: <pki-tc@lists.oasis-open.org>
Sent: Tuesday, September 13, 2005 01:28
Subject: fwd: [pki-tc] Call for input: Asia PKIF Forum Panel Discussion



Hi everyone

I'm in Taipei now, about to start the Asia PKI Forum meetings, and making 
last minute preparations! 

These include getting ready for my panel discussion on Thursday regarding 
security, privacy, and cybercrime in the ubiquitous network, as discussed 
a couple of weeks ago. 

Does anyone have any last minute thoughts please on these topics, per my 
request below?  

Absent any feedback from the TC, my remarks to the conference will 
concentrate on the need for EMV and other smartcards to be pushed much 
harder, with embedded PKI for mutual authentication, protecting against 
MITM, phishing and spam, and providing the privacy enhancing options of 
multiple personae, control over one's keys, and decoupling of names from 
identifiers.  

Thanks for any input.  Cheers, 

Stephen Wilson.




    
Forwarded Message:
--
From:    Stephen Wilson
To:      pki-tc@lists.oasis-open.org
Subject: [pki-tc] Call for input: Asia PKIF Forum Panel Discussion
Date:    Aug 30, 2005
--

> 
> Dear All
> 
> The next meeting of the Asia PKI Forum (Taipei, September 13-15) features
> a panel discussion about PKI in the "ubiquitous network".  I will be
> speaking on the panel.  This e-mail is to invite input from the TC on this
> topic.
> 
> Attached is the panel background.  I will also upload the conference 
> program to the TC pages, for further information. 
> 
> As you can see, there is a certain emphasis on privacy and cybercrime.  I
> happen to have been working extensively on these topics in the past 12
> months, and I have also developed various views about embedded/automated
> client side PKI.  So my initial thoughts about the panel discussion are
> listed below.
> 
> However, I would like to make sure that my presentation is reflective of 
> the PKI TC.  So please let me have your thoughts too. 
> 
> 
> -- NIST and others have concluded that the only way to prevent Man In The
> Middle attack (a major new vector for phishing and id crime) is
> PKI-enabled smartcards.  This is a major indicator of the requisite
> widespread use of PKI and smartcards to protect privacy and combat cyber
> crime.
> 
> -- Further, PKI offers ways to mask identities via anonymous digital
> certificates in order to deidentify such transactions as electronic health
> records, e-voting, online census collection etc.
> 
> -- A major trend in PKI deployment worldwide is embedded digital
> certificates, whereby the technology is no more complex for users than are
> magnetic stripes on regular plastic cards.  Examples include EMV
> smartcards, e-passports, national identity cards, national health
> entitlement cards, and set-top cable TV boxes.
> 
> -- Smartcards (and related mobile devices like cell phones and PDAs) can
> function as containers for multiple digital credentials.  This means that
> PKI need not lead to a single digital identity, and therefore PKI can be
> fundamentally privacy-enhancing.
> 
> 
> Comments are welcome!  If anyone is interested, further details on some of
> these thoughts are at
> http://www.lockstep.com.au/library/ehealth/a_novel_application_of_pki_sm
> and
> http://www.lockstep.com.au/library/privacy/submission_to_the_2005_senate
> 
> 
> Cheers, 
> 
> Stephen.
> 
> 
> Stephen Wilson
> Lockstep Consulting Pty Ltd
> www.lockstep.com.au
> ABN 59 593 754 482
> 
> 11 Minnesota Ave
> Five Dock NSW 2046
> Australia
> 
> P +61 (0)414 488 851
> 
> --------------------
> 
> About Lockstep 
> Lockstep was established in early 2004 by noted authentication expert 
> Stephen Wilson, to provide independent advice and analysis on cyber 
> security policy, strategy, risk management, and identity management.  
> Lockstep is also developing unique new smartcard solutions to address 
> privacy and identity theft. 
>  
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
> 
