
Re: A $25,000,000,000 PKI Was: Spec. on QC-low-fat & QC-heavy-bio



Steve,

>>Of course, they are built on the fundamental principle that the
>>client always has the "final" cert and key.  CyberPhone is not.
>
>Yes, this is the assumption, and it is a widely held one.  To change it a
>lot of folks will need to be convinced otherwise.  You have a lot of work
>ahead :-)!


I know.  But it's fun as well.

<snip>

>> Did you actually read the dynamic certs paper?

>Yes, and I don't buy all of it's premises.  The companies are the ones on
>the hook, as you say, but they also need individual accountability, hence
>the need for individual certs.

You got that in the CyberID.  Accountability is internal affairs, isn't it?

> Nobody has a lot of experience with large
>scale deployment of PKIs in these contexts, so a statement about the
>relative difficulties of deployment of certs to end users vs. the approach
>you propose is premature. Insecure servers are a growing problem for
>businesses, so I also challenge your second assertion.

SET is an example of a large-scale PKI deployment that has _almost_
flopped due to some of the factors that CyberPhone solves. Like:

Certificate distribution
Thin client sw
Mobile universal usage

<large snip>
>Finally, your proposal is clearly focused on one particular deployment
>model, which may or may not be realized.  There are others, based on more
>computationally capable, mobile, personal devices, e.g., PDAs.

Computationally capable devices do not solve
client certificate or client software distribution.

The market for mobile phones is so much bigger than for other
devices (PDAs, PCs) etc. so IF this solution gets wide acceptance on
the mobile phone market - most other client PKI solutions MAY just die.
I.e. why pay additional money for certs, readers, software if your
employees already have a high-quality solution in their hands?

BTW, why do you think MSFT is so interested in the mobile phone market?
Because it is there the future of IT is happening!

> As I said
>before, you should pursue any implementation approach you think is
>fruitful, but don't ask this standards body to tailor parts of its work to
>facilitate your (decidedly not mainstream) approach to using certs.

It COULD become mainstream...

Now we both know pretty well where we stand in this case, so
could somebody else please comment on this?

Anders