Finessing PKI
PKI (public key infrastructure) is a ball and chain that
drags down our security efforts, all of which depend on the ability
to manage identity and trust. Last week I attended a conference on
digital identity, and I came away with some new perspectives on
PKI. For years, I've been frustrated by the abject failure of
client-side certificates. I have one, and I use it every day to
sign my e-mail messages, but no Web sites authenticate me based on
attributes of my cert, nobody encrypts e-mail to me using the
public key bound to every e-mail message I send, and no smartcard
system has appeared (at least in the United States) to help me
manage my crypto keys conveniently and portably. "It's just a
matter of time," I keep telling myself, "but sooner or later, the
dam must break." [Full story at
InfoWorld.com.]
Former URL: http://weblog.infoworld.com/udell/2002/10/24.html#a480