Excerpts from a recent (non-public) PKI discussion paper: -- Snip --
Email Distributions The most recent dispatching of certificates was to 126 countries, being those who have provided an email address. The following table records the outcomes. INCIDENCE DISPOSITION / OUTCOME Dispatch confirmed as delivered 11 Dispatch confirmed as delivery failure 25 Nil response received after 10 days 90 --------------------------------------------------------------- Total 126 -- Snip -- CRLs are even worse: -- Snip -- On the basis of the above data, as well as data derived from the other distributions over the last 12 months, it is *highly unlikely* that a State would receive an urgent-type CRL from any other State within the 48 hours timeframe specified in the PKI Technical Report. -- Snip -- And: -- Snip -- Over the course of the last four dispatches of PKI certificates, very few of these countries have positively acknowledged receipt of these certificates. Of the 31 countries currently issuing ePassports we have only received certificates from 14 countries in reply. -- Snip -- Finally: -- Snip -- Conclusions Distribution of PKI Certificates Bilateral distribution of PKI certificates does not work effectively or reliably. [...] Certificate Revocation Lists (CRL) Issuing States have a responsibility for promptly advising all other States that a certificate revocation has occurred. Currently there is no system capable of achieving delivery of a CRL to all States within 48 hours. [...] -- Snip -- As Carl Ellison put it, "Plenty of PK, precious little I". Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
