Reference design. Re: cert image I-D

["Anders Rundgren" <anders.rundgren@xxxxxxxxx>]

Hi Guys,

Siddharth wrote:
>However, we think that this is low-hanging fruit- where we can improve
>the experience of technology (X.509,PKI) that is already deployed
>without re-inventing a lot of the stack.

It is of course up to you to decide, but AFAICT there is no low-hanging
fruit when it comes to upgrading user-agents.

That is, if you want to see this running (ever) you should also consider
the adoption which IMHO should begin with enabling the functionality
in browsers.  Contributing code to Mozilla would be a good start
because then you get a reference design which I think is badly needed.

I'm personally going to cater for the adoption of KeyGen2[*] by making
(if I have time...) the implementation available as Open Source for WebKit
which has some 50% of the smart phone market share.  An advantage with
the mobile phone is that you avoid the unwieldy middleware situation in
PCs where the platform "competes" for the GUI with third-party middleware
which makes the user-experience quite horrible.  The tremendous success
of the iPhone indicates that there is more room for GUI innovation in this
space than in PCs.  As I have already said, the need for cert-images in
mobiles phones is also much bigger than on PCs because they can host
multiple credentials and also have limited screen real estate.

It will take 5 years or more to see who got it right :-)
The biggest hurdle is still status quo.

Anders

*] KeyGen2 is just one of the components of a completely revised
PKI client, loosly tailored after already established schemes in the EU.