http://epso.jrc.es/newsletter/vol12/docs/ePSO-N12.pdf
It is interesting to note that there seems to be an infinite number of answers to the eternal question why PKI is not taking off. Particularly since there are over a 100 million of happy PKI-users on the Internet using - [WEB] SERVER-PKI. I note that the US Government is apparently looking at using ID-portals instead of cards and I think this will make not only Finland the "Banana Republic of PKI" [taken from the article above], but the entire Europe. B2B will use digital signatures and XML to replace EDI and X.400 using the same already proven concept - SERVER-PKI. Probably using the same issuers (e.g. VeriSign). But are such signatures really legally binding? Rhetoric answer: Are leased lines, X.400 and SMTP legally binding? Of course not, which means that there is really no problem to solve! SERVER-PKI does anyway do a much better job than leased lines and X.400 as it provides us with TTP-issued non-(technically)forgeable business identities, message tamper-control, and encryption for free using SSL/HTTPS. Now back to digital signatures and individuals, I still believe authentication is the killer app. Unfortunately the Finish ID-cards are incompatible with Windows 2000 domains so every company must set up a Windows CA anyway. Then the Finish ID-cards also require expensive proprietary software to be used on a PC. The maker of the Finish ID-card also do not sell and en-user PKI- card which makes the market small and prices high. Public question: Is there any cheap PKI-card available that a company could buy directly on the net in quantity one and up? That also offers free Windows SW? I have searched so far in vain. Until these problems are solved, TTP-based, PKIs for individuals simply gets nowhere. Anders Rundgren
