[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pki-tc] Candidates for OASIS PKI TC Chair
>Businesses continue to search for the elusive silver bullet to >solve their security problems - but it is my belief that until >they start using PKI in many different aspects of their IT infra- >structure (along with appropriate changes to applications, >business processes and employee training), that silver bullet >will continue to elude their grasp. I think businesses should be cautious embracing a technology that not even the people who claim to know PKI, know how to apply to everyday business processes such a e-purchasing. Until such knowledge becomes common, agreed upon, and published[*], businesses betting on PKI are at risk being stuck in pretty "consultant-intensive" activities. That "secure e-mail" currently is being redesigned from the ground and up (DKIM), is another indication that the previous generation of PKI "theologists" did not actually foresee the Internet revolution. The problem is that S/MIME effectively delegates security policy enforcement down to the [nowadays often rather novice] users. The following is how secure e-mail should have been: "If I send a mail via my company, it is my company that secures it" If any of the TC chair candidates have the guts to address any of these issues, he or she has my full support. Anders Rundgren *] Go to NIST's PKI pages. Nothing Go to PKI-TC AGSC pages. Nothing Go to PKI-*. Nothing
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]