OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Raising a Web Sign std. in the PKI-TC

Dear List.
A few months ago I asked the PKI-TC chairs if they were interested in the development of Web Sign standards.  They indicated that they were interested in this.
For those who are not familiar with Web Signing, my definition is simply: A user with a web browser that signs a form (transaction) when connected to an on-line service of some kind.  Although little used in the US, these schemes have become very popular in the EU due to the fact that secure e-mail has proved to be close to useless with respect to encryption[*], as well as being static and non-interactive (did I hear "boring"?).
The question for me is in which way the PKI-TC could contribute to such developments.  There are BTW two radically different proposals.
Anders Rundgren's: A "compilation" of a number of schemes already in use by millions of people
Arshad Noor's: An effort to bring XML security and end-to-end security to web, similar to S/MIME, but considerably more ambitious
Anyway, before going further on this road, I would like to take the opportunity to describe what I feel could work.  I do not regard the PKI-TC as a design TC, but rather a lobbyist type of community.  Due to that, it seems that the most constructive thing the PKI-TC could do, is to use its influence on various players in this space.
If we OTOH believe that the PKI-TC has a design capacity as well, I strongly recommend creating a separate group and list for this purpose. To create a design group (requirement spec. to begin with maybe?) though requires that there are some designers out there who are willing to take on such a task. 
Anders Rundgren
*] "how do I send an encrypted message to the tax department" is a simple question that does not seem to have a reasonable answer in existing government PKIs.  Using the Web and HTTPS, mutual encryption comes at no cost.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]