Google Site Search

Google
 

Sunday, November 4, 2007

Death of PKI?

I hear stories about how PKI has not really taken off in the public domain even though it promised to solve a lot of issues with Internet Security.

Ever since Baltimore Technologies demise, PKI has really taken the backseat in terms of mindshare etc.
Baltimore's death spells gloom for PKI

I also read this humorous post by Gerry Gebel at the Burton Group.
When PKI meets the real world


I know that PKI has affected you or your enterprise in some form over your lifetime. What are your experiences with it?

Do you agree with the claim made that the "Death of PKI" has occurred?

Maybe I will ask Dr.Philip Hallam-Baker from Verisign next time I meet him .....

Interesting comment during the 3rd Annual PKI R&D Workshop.
As in other sessions, prominent themes of the discussion were that technology is a much smaller part of the problem than understanding the business needs of PKI implementers and selecting tools accordingly, and that when this is done, PKI can thrive. Bill Burr observed that the math in PKI is so cool that we try to bring everything up to its standard; instead we need to figure out how people can use PKI without understanding any of the esoteric details. Rich Guida noted that he sometimes feels like he and all the people who talk about the death of PKI dwell on "different planets;" in the pharmaceutical sector in particular, the use of PKI is "blossoming." Pawluk encouraged the group to get involved in the work of implementing the PKI Action Plan, and noted that the OASIS PKI Technical Committee that's driving it (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=PKI) usually meets via telephone.


If you read the statement from Internet2 for the 5th Annual PKI R&D Workshop, it makes me wonder further:
The mathematics of public key cryptography is delightful, and critical to online security, but we still have much to learn about applying it in the real world in ways that are easy for humans to understand and use. Come join with experts from NIST, NIH, private industry and universities around the world for our fifth workshop on overcoming the challenges.


In my view, PKI is not dead. It is just that the original intent of the public having their own public key has not been realized.

No comments: