Lockstep


Rethinking PKI - the electronic business card

Appeared in the international Secure Computing Magazine. It argues against one-size-fits-all "identity" certificates, because in business, we do not entertain stranger-to-stranger transactions. The paper also includes a useful taxonomy of electronic signature regulations.

Article featured in SC Magazine, June 2003

"In their earliest conceptions, digital certificates were proposed to authenticate unstructured transactions between parties who had never met. Certificates were seen as the sole means for people to authenticate one another. Most traditional PKI was formulated with no other context that might help its receiver decide whether or not to accept transactions. The digital certificate was envisaged to be your all-purpose digital identity.

"Orthodox PKI has come in for spirited criticism. Some find the traditional proof of identity to be intrusive. The one-size-fits-all electronic passport has certainly failed to take off. But PKI's critics sometimes throw the baby out with the bathwater.

"In the absence of any specific context for its application, orthodox PKI emphasizes proof of personal identity. Early certificate registration schemes co-opted general purpose identification conventions like that of the passport. Yet few, if any, traditional business transactions require parties to have sight of one another's passports or other personal documents.

"Instead, in business we deal with others routinely on the basis of their affiliations, agency relationships, professional credentials and so on. The requirement for orthodox PKI users to submit to strenuous personal identity checks is a major obstacle in the adoption of digital certificates."

© 2008 Lockstep Consulting ABN 59 593 754 482