PKI implementation is running well here in the Brazilian government. We have laws and a national PKI (ICP-Brasil) already supporting digital signatures. The next step is to officially implement a long-term digital signature schema, based on RCF 3126.
I think that our government structure strongly contribute for this. The policies and laws here are more centralized. It doesn't differs significantly among the states of the federation. Regards. Bruno de Paula Ribeiro Analista de Sistemas (11) 4501 1886 Certisign Certificadora Digital certisign.com.br -----Mensagem original----- De: dev-tech-crypto-bounces+bribeiro=certisign.com...@lists.mozilla.org [mailto:dev-tech-crypto-bounces+bribeiro=certisign.com...@lists.mozilla.org] Em nome de Frank Hecker Enviada em: terça-feira, 10 de fevereiro de 2009 17:53 Para: dev-tech-crypto@lists.mozilla.org Assunto: Re: Application of client certificates on a US government website Kyle Hamilton wrote: > Hey, I just ran into the first application of client certificate > authentication requirement on a public US government website that I've > seen. As Nelson write, this isn't really SSL client auth per se, but I agree it is interesting. > Personally, I think this is a huge step forward. While it's still a > niche market, the fact that a US government organization is willing to > do this suggests that others might in the future. Speaking to Anders's point about provisioning, I think the largest deployment of client certificates in the US government is probably the DoD PKI implementation, where they solved the provisioning problem in a brute force manner by giving everybody hardware tokens. In other cases you'd have to give some people some incentive to participate; the PTO might be a good place to do so because there's a community of people (e.g., patent and trademark lawyers) who regularly interact with the PTO and are motivated to get in compliance with whatever security measures the PTO puts into place. > (I'm thinking I'd > eventually like to see this with the Internal Revenue Service. ;) ) Maybe for a restricted community like tax preparers, but I think the chances of any nationwide certificate use by all taxpayers are very low given the failure of past efforts (like those of the USPS) to establish a general US government-to-citizen PKI. Frank -- Frank Hecker hec...@mozillafoundation.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
