----- Original Message -----
From: "Scott Guthery" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 12, 2004 02:07
Subject: [Muscle] White Card

>Does anyone really wonder why the European card model never gets beyond
>the "Hey, kids! Let's write another smart card standard!" stage?

Agree 100%.

>Trust is not transitive. The only multitrust token that will ever fly is the white
>card.

That means that you in essence say that TTPs don't work. We already use TTPs since a long time ago for physical IDs in many countries and making IDs electronic is no different, it is just a "form-factor" question.

It is interesting to see these EU-projects where governments have a role as TTPs for IDs when the "market" is really banks who take on this role. Which BTW they are pretty well geared for compared to the governments as owning a bank-account in most "regimes" requires that the customer is identified, while on-line banking requires electronic identification systems. That is, banks' own needs match the needs of e-governments. At least if you look at this over a 3-5 year period.

>The TCPA architecture and Global Platform finally got it right. The card holder
>is the card issuer.

I can't say I know too much about TCPA but if certificates are created by a TCPA-local CA, I doubt this will compete with TTPs like banks. Or are you only referring to key-pairs? Then I agree, but that does not make you an issuer. An issuer binds the key to a name and if you do that yourself you have not proved very much.

Cards are likely to be a lost case for ID although the following guys http://www.mobilemonday.net/mm/event.php?id=11 got it all wrong. The mobile platform will be "liberated" from the operators and then the banks (et al.) can use this as a "card". As well as anybody else like your employer.

>IMHO, as always.

Same here :-)

Anders

-----Original Message-----
From: Peter Tomlinson [mailto:[EMAIL PROTECTED]
Sent: Sun 1/11/2004 6:41 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [Muscle] muscle applet deletion of keys, change of parms

Work that I did for the eEurope Smart Cards GIF project last year took on board for editing a set of documents put together by a group of experts who had discussed national ID card scheme requirements across Europe. They came to the conclusion that a central administration (i.e. govt) would take to itself the roles of card issuer, application issuer, personal certificates issuer and key pair generator - and that the certificates in the card would never have their keys changed. If a key was to be revoked, the card would be re-issued. However, that would not stop a third party loading a second PKI app onto the card, probably using attribute certificates, and capable of having certificates deleted and new ones added.

See OSCIE GIF at www.eeurope-smartcards.org - click on OSCIE Index and download Volume 3.

Peter

----- Original Message -----
From: Peter Williams <mailto:[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Sunday, January 11, 2004 5:21 PM
Subject: Re: [Muscle] muscle applet deletion of keys, change of parms

<Take peter Williams list of assumptions as read> /

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle
