There is no real alternative to "PKI systems" but there is a large spectrum of things that could mean.
I guess I am referring to the use of a centralised certificate authority, and all the administrative problems (maintaining CRL lists etc) that involves.
Generally your options are as follows.
1. Self Sign your https certificates (cheap, but the warnings scare users)
I guess that encrypts the http traffic and identifies the server, but is not generally used to identify the client.
2. Create your own PKI server (cheap, but requires that the server be added as trusted and admin headache)
I agree.
3. Use a PKI vendor like Verisign (expensive, but conservative)
4. Use a PKI vendor unlike Verisign (less expensive, and easy to set up)
In Australia, there is HESA (http://www.hesa.com.au), which provides this service. It is just complex to administer and for the end-users to configure/understand.
5. Use a gpg based infrastructure (doesn't easily support web browsers and most email clients require lots of setup to use)
This works on a "web-of-trust" type approach, which may not provide sufficient security in terms of client identification.
thanks
Richard
On Sat, 2003-12-20 at 06:26, Richard D Piper wrote:
I would be grateful for any advice regarding the secure transmission of patient data over the Internet. In Australia there is a PKI infrastructure (HESA) funded by the HIC (Health Insurance Commission). It works, but is quite complex.
Is anyone aware of a better public key cryptography system that could be used for this purpose, or even a PKI system that is successful and widely deployed?
thanks
Richard
-- Richard Piper
http://icu-web.org mobile:0438-120860 mail:[EMAIL PROTECTED]
