Comments to many people at once.
Michael Ross wrote: > I just found this today........ > > http://www2.cio.com/research/security/edit/a05232002.html Wow, this is quite negative. Some factors that I don't see are: There are currently several huge tenders being prepared from European countries because the EU is forcing a PKI/TTP infrastructure on them to enable e-commerce. They should all have had the legal framework in place on July 19th last year, but bureacracy generally was in the way. Ccertain large organisations have committed themselves to the technology. For instance SURFnet, the Dutch higher education and research network is really pushing it. OK, they are extremely inovative (Internet Land Speed record, first native IPv4 + IPv6 network in operation, first intercontinental light only network etc.), but they will push all their users to PKI in a few years (12.5% internet users in the Netherlands). IIRC same in Germany, and some other European countries. I can understand that it won't help the business, the players are all big enough to dictate terms and go for a beauty contest instead of a normal contract, but it will give PKI a lot of momentum. And they don't suffer from the problem for which .NET My Services was burned at a stake, i.e. distrust of the objectives of the operator of the TTP. >>>>[EMAIL PROTECTED] 05/22/02 07:52PM >>> >>> > I'd suggest at least > looking into a PGP solution though if it fits though. I would expect somebody using an email address of the Ottawa Police to be part of an hierargical organisation which should not overlook X.509 (there are some serious advantages over PGP). If the actual implementation is your concern that is (generally web developers don't decide which PKI to implement). > ----- Original Message ----- > From: "Rollo, Jeff" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Wednesday, May 22, 2002 3:40 PM > Subject: RE: PKI > >>You are right (Public), and that was what my brain thinking, but not what > > came out of the fingers. The poorly worded question just shows how little I > know about PKI. To sign a document or email, etc. there must be some type > of electronic file to sign. So I guess my question is can have user > (intranet only) fill out a CF form and then create a electronic version of > it on the users PC so that the PKI software can then sign it? Is that really necessary or is it sufficient if the actual CF form submission is signed? >>----- Original Message ----- >>From: "Rollo, Jeff" <[EMAIL PROTECTED]> >>To: "CF-Talk" <[EMAIL PROTECTED]> >>Sent: Wednesday, May 22, 2002 11:42 AM >>Subject: PKI >> >>>We are going to be implementing PKI (Personal Key Infrastructure) in our >> >>organization. As the designated web guy I was wondering; >> >>>1) does (or will) Cold Fusion have any means of integrating with PKI I'm afraid I didn't see support for the LDAP "compare" action in the CF 5 manual. And since it being used is the only thing I remember from the discusion on this particular implementation I'm afraid I can't help you here. Jochem ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
