Michael,
It seems that you don't believe much in technical solutions as enablers.  As a 
technologist I have a bit of a hard time coping with that :-)

Let me take a practical example.  In the EU most on-line banks use two-factor 
authentication.  The majority of these use OTP (One Time Password) solutions 
that are definitely not without cost as well as being susceptible to phishing. In 
addition OTP is not terribly convenient for users but that is (of course) 
something the banks care a little bit less about.   So why don't they use PKI 
instead?

Some people say it is because PKI is difficult and introduces legal and 
liability hurdles.  IMNSHO this is total BS since a bank-local PKI isn't 
designed to work outside of the bank's domain.  PKI in such a setup is just 
another kind of password.

So what then is the real problem?
1. The European Smart Card industry who do not want to become suppliers of 
commodities.  Of course the latter is a REQUIREMENT for general deployment
2. Governments who believe that ID-cards and eID are natural combos in spite of 
the fact that USB and USB memory sticks are everywhere, while the traditional 
smart card interface is not.  
3. Governments claiming that the use-cases for physical IDs and eIDs are 
essentially the same
4. Governments that do not understand that their eID concept does not address 
more than a tiny fraction of their citizens' needs for authentication on the 
Internet
5. Governments investing in stuff like CEN 15480 and ISO/IEC 24727
6. Governments pushing bizarre Bridge CA concepts

PKI for consumers will become bigger than OTP when PKI is housed in mobile 
phones although initially OTP will be used in mobile phones rather than by 
special-purpose devices.  To achieve that we need a whole bunch of enablement 
technologies.  Most of the PKIX enrollment stuff will be obsolete in 5-10 years 
from now because it doesn't meet the requirements imposed by the "Open Key 
Container" paradigm which I and A LOT OF OTHER PEOPLE actually work with.  No, 
the SIM is not the target because it is a closed key-container with limited 
capacity.  The Open Key Container is a part of the CPU.  It is already shipping 
in huge quantities, it is "just" not properly enabled.

The problems with mobile phone security issues are exaggerated and are also in 
no way cast in concrete.  If the requirement is "perfect" security, we have to 
accept that nothing will happen.  If we OTOH accept the notion that security is 
rather a "journey" we may indeed make some progress.  Google's Android as well as 
Symbian 9.3 are not comparable to Windows which indeed has a broken security 
model.

I don't expect a reply on this because it will anyway take some five years or 
so to figure out if the above is correct or not.

Anders

----- Original Message ----- 
From: "Michael Ströder" <[EMAIL PROTECTED]>
Newsgroups: mozilla.dev.tech.crypto
To: <dev-tech-crypto@lists.mozilla.org>
Sent: Wednesday, November 26, 2008 18:18
Subject: Re: Creating a Global User-level CA/Trust Infrastructure 
for Secure Messaging


Anders Rundgren wrote:
> Ian G wrote:
>
>>> => Encrypting/signing must be made a business requirement in contracts.
>>> That's the whole point. And there's no technical solution for it.
>
>> That's as close to a perfect dilemma as I've come across!  It's not a
>> business requirement, so we must make it a business requirement ...
>
> Another alternative is to

Anders, still you fail to see the real problems since you propose
technical solutions for non-technical issues.

But let's see:

> 1.  abandon non-scalable trust infrastructures such as the one required by 
> S/MIME

Why "non-scalable"? Can you be more verbose?

> 2.  abandon schemes that use explicit encryption keys like S/MIME

Are you aware of the requirements for separate encryption keys? Some
companies have the legal requirements for key escrow in litigation
cases. That's the main reason why encryption and signature keys are
separated.

> 3.  introduce secure mobile secure key-storage

Ah, yeah. Did you ever think of a growing key history and such?

> 4.  put the latter in cell phones

Even cell phones can break. And I don't consider them to be trustworthy
key stores
1. with all the control the cell phone provider has over them,
2. all the gadgets installed with security issues,
3. with the limited data storage size on today's SIM cards.

And the main point: You fail to explain how trust is to be established.

Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto 