>Hmm, Anders, apologies in advance for the RTFM question, but can you 
>please summarise those two docs, or explain the essential points in more 
>detail?

That's the problem in a nutshell; there is no "FM"!

The answer I'm looking for (but know is unavailable) is how to apply
client/employee PKI to the scheme on p2 of:
http://webpki.org/papers/web/A.R.AppliedPKI-Lesson-1.pdf
I have even tried to get academia interested.  The answer is always:
"we don't do applications".

Another example is NIST's b2b testbed that does not even mention the
word security: http://www.mel.nist.gov/msid/b2btestbed

Anyway, using a bank-like transaction backbone, you can create secure
networks using very simple means, without having to implement PKI on
the desktop.  The latter then becomes a separate mission.

Anders


----- Original Message ----- 
From: "Ian G" <[EMAIL PROTECTED]>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Sunday, November 30, 2008 02:19
Subject: Re: Creating a Global User-level CA/Trust Infrastructure for Secure Messaging


Anders Rundgren wrote:
> Nelson B Bolyard wrote:
> 
>> I have contacts in the former Soviet Union who claim that Russian banks
>> now routinely require PKI hardware for authentication as a condition of
>> online banking.
> 
>> How sad that I live in a nation that is such a technological back-water. :)
> 
> It sure is.  The US is about the only major IT-nation where the government
> hasn't even the slightest embryo of an architecture for secure messaging
> between agencies, not to mention between agencies and the private sector.
> So far they have managed to keep this a secret, since nobody has been able
> to decipher what the gazillion "CIO-documents" littered with government
> buzz-words like FISMA actually mean for an architect.
> 
> Fortunately, most EU governments have (with the German-speaking regions
> as the notable exception...), begun to build on architectures based on a
> paradigm that banks established 3-4 decades before them:
> http://webpki.org/papers/web/gateway.pdf
> 
> Another strong reason for that is briefly described in this document:
> http://webpki.org/papers/web/A.R.AppliedPKI-Lesson-1.pdf
> It is fascinating meeting the consultants that the US government use,
> who all claim that this is nonsense; FIPS201/PIV can do it all!
> But since there is no blueprint supporting that position, progress
> remains firmly stuck at zero.

Hmm, Anders, apologies in advance for the RTFM question, but can you 
please summarise those two docs, or explain the essential points in more 
detail?

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto