On Tue, Feb 10, 2009 at 11:52 AM, Frank Hecker <hec...@mozillafoundation.org> wrote: > Speaking to Anders's point about provisioning, I think the largest > deployment of client certificates in the US government is probably the DoD > PKI implementation, where they solved the provisioning problem in a brute > force manner by giving everybody hardware tokens. In other cases you'd have > to give some people some incentive to participate; the PTO might be a good > place to do so because there's a community of people (e.g., patent and > trademark lawyers) who regularly interact with the PTO and are motivated to > get in compliance with whatever security measures the PTO puts into place.
The US court system (http://uscourts.gov/) requires usernames and passwords for attorneys to be able to upload electronic case documents. (Oh, yeah, and they also require electronic document submission by those entities capable of it.) These are provisioned in the same kind of time-consuming "physically mail out a PIN" manner as the USPTO's sign-up process. The USPTO effort is unique as far as I can tell because it invites anyone who wants to submit a patent application to take part in it. > Maybe for a restricted community like tax preparers, but I think the chances > of any nationwide certificate use by all taxpayers are very low given the > failure of past efforts (like those of the USPS) to establish a general US > government-to-citizen PKI. The USPS effort was unfunded -- to be perfectly honest, the USPS is the perfect agency to be able to do higher-level identity validations (their representatives are everywhere), but their main purpose is so different from the identity verification requirements of a government-to-citizen PKI that if the US government wanted it to happen, the US government needed to funnel money into the program to make it work. -Kyle H -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
