> Hmm, Anders, apologies in advance for the RTFM question, but can you
> please summarise those two docs, or explain the essential points in more
> detail?

That's the problem in a nutshell; there is no "FM"!

The answer I'm looking for (but know is unavailable) is how to apply client/employee PKI to the scheme on p2 of:
http://webpki.org/papers/web/A.R.AppliedPKI-Lesson-1.pdf

I have even tried to get academia interested. The answer is always: "we don't do applications".

Another example is NIST's b2b testbed that does not even mention the word security:
http://www.mel.nist.gov/msid/b2btestbed

Anyway, using a bank-like transaction backbone, you can create secure networks using very simple means, without having to implement PKI on the desktop. The latter then becomes a separate mission.

Anders

----- Original Message -----
From: "Ian G" <[EMAIL PROTECTED]>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Sunday, November 30, 2008 02:19
Subject: Re: Creating a Global User-level CA/Trust Infrastructure for Secure Messaging

Anders Rundgren wrote:
> Nelson B Bolyard wrote:
>
>> I have contacts in the former Soviet Union who claim that Russian banks
>> now routinely require PKI hardware for authentication as a condition of
>> online banking.
>
>> How sad that I live in a nation that is such a technological back-water. :)
>
> It sure is. The US is about the only major IT-nation where the government
> haven't even the slightest embryo to an architecture for secure messaging
> between agencies, not to mention between agencies and the private sector.
> So far they have managed keeping this a secret, since nobody has been able
> to decipher what the gazillion of "CIO-documents" littered with government
> buzz-words like FISSMA actually means for an architect.
>
> Fortunately, most EU governments have (with the German-speaking regions
> as the notable exception...), begun to build on architectures based on a
> paradigm that banks established 3-4 decades before them:
> http://webpki.org/papers/web/gateway.pdf
>
> Another strong reason for that is briefly described in this document:
> http://webpki.org/papers/web/A.R.AppliedPKI-Lesson-1.pdf
> It is fascinating meeting the consultants that the US government use,
> who all claim that this is nonsense; FIPS201/PIV can do it all!
> But since there is no blueprint supporting that position, progress
> remains firmly stuck at zero.

Hmm, Anders, apologies in advance for the RTFM question, but can you please summarise those two docs, or explain the essential points in more detail?

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto