Anders Rundgren wrote:
Nelson B Bolyard wrote:
I have contacts in the former Soviet Union who claim that Russian banks
now routinely require PKI hardware for authentication as a condition of
online banking.
How sad that I live is a nation that is such a technological back-water. :)
It sure is. The US is about the only major IT-nation where the government
haven't even the slightest embryo to an architecture for secure messaging
between agencies, not to mention between agencies and the private sector.
So far they have managed keeping this a secret, since nobody has been able
to decipher what the gazillion of "CIO-documents" littered with government
buzz-words like FISSMA actually means for an architect.
Fortunately, most EU governments have (with the German-speaking regions
as the notable exception...), begun to build on architectures based on a
paradigm that banks established 3-4 decades before them:
http://webpki.org/papers/web/gateway.pdf
Another strong reason for that is briefly described in this document:
http://webpki.org/papers/web/A.R.AppliedPKI-Lesson-1.pdf
It is fascinating meeting the consultants that the US government use,
who all claim that this is nonsense; FIPS201/PIV can do it all!
But since there is no bluprint supporting that position, progress
remains firmly stuck at zero.
Hmm, Anders, apologies in advance for the RTFM question, but can you
please summarise those two docs, or explain the essential points in more
detail?
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto