Finessing PKI

PKI (public key infrastructure) is a ball and chain that drags down our security efforts, all of which depend on the ability to manage identity and trust. Last week I attended a conference on digital identity, and I came away with some new perspectives on PKI. For years, I've been frustrated by the abject failure of client-side certificates. I have one, and I use it every day to sign my e-mail messages, but no Web sites authenticate me based on attributes of my cert, nobody encrypts e-mail to me using the public key bound to every e-mail message I send, no smartcard system has appeared (at least in the United States) to help me manage my crypto keys conveniently and portably. "It's just a matter of time," I keep telling myself, "but sooner or later, the dam must break."

