Tuesday, October 26, 2004

PKI 'not working'

I still run into people who believe that PKI is a viable end-user authentication solution for the masses. My favorite were the systems that tried to solve the certificate portability problem by allowing download of certs from a website -- with only a password! The vendor couldn't see that it was no more secure than the password itself. Another case of "But this one goes to 11".


PKI 'not working'

The e-envoy's office has started searching for new ways to authenticate the users of e-services as existing technology is "not working", a senior UK Government official revealed on 11 June 2003.

Although PKI (public key infrastructure) and digital certificate technology has played a major role in leading projects such as the Government Gateway, there is now growing recognition that it is unsuited for wider public use.

While digital certificates would not be scrapped, and would be retained as an option for e-service users, one possible alternative being suggested is that employers, banks, the voluntary sector and other "trusted organisations" would verify a person's identity before transacting online for services.

No comments:

Post a Comment