
DoD's smart card program



For people interested in smart PKI-cards

[extracts from mailings with a major PKI vendor]

The only *advanced* smart card that so far has been a smash hit
is the ubiquitous SIM-card that has been delivered in over
*one billion* copies.

These 1 billion SIM-cards are *fully interchangeable* in any
compliant GSM-phone.  No SW installation required!

What does this say: In order to succeed with a PKI-card, you must
define a "card-edge-standard" that supports a *deliberately limited*,
*well-defined* set of commands (i.e. a profile).

The Operating System-thing that people are fighting about is
just a very *time-consuming*, and *contra-productive* "detour",
as SIM-cards work without requiring a specific OS.
There are at least 10 different card-OSes that are up to the task
of supporting a PKI card.

Unfortunately the PKI-industry lacks players like Ericsson and Nokia
that defined the rules for the SIM-manufacturers, so I guess the
PKI-cards will continue [year after year] to be a battleground (playground?)
instead of simply products.


[A response to a person involved in DoD's huge smart card program]

All this sounds great but the program you are mentioning is unfortunately
just one of several such activities going on.  I also see a lot of
references to Java in your message.  This is exciting as a technology
but SIMs show that you don't need Java [in the card].  I guess DoD are
into multi-function cards which indicates multi-issuers etc?
Personally, I think all this will fail completely due to *endless*
political and technological fights.  Also interoperability
is a *tremendous* problem when you run "arbitrary" applets
in the smart card, as it is a "client-server" solution with all
the associated problems, unlike a simple PKI-card which is
a "thin client" where the "intelligence" is somewhere
else.  I thought the SW industry had already learned this lesson?

>Another issue is finding the appropriate standards body to endorse
>a card-edge standard.  A DoD standard, for example, will not
>likely be embraced by the European community.

This is indeed where the PKI industry seems to halt.  My hope was that
somebody would launch a $5-$7 pre-personalized PKI-card that
*anybody* (except you know who...) could buy over the net in quantity #1 and up,
with *free* SW that is compatible with Windows' CSP and with any CA.
Marketing and selling, instead of waiting on yet another standard.

Is this *technically* possible? Yes, GemSAFE et al essentially have
this today (although GemPlus have yet to write a CSP that works).

Will this happen? I don't think so.  Because we are dealing with
"smart" cards created by considerably less "smart" manufacturers.

Regards
Anders Rundgren