Please respond by e-mail in case you have a comment to the following. Web (browser) PKI Standards - A study ----------------------------------------------
I have on behalf of a client, taken the liberty to investigate the state of client-side PKI support in web-browsers with respect to standards and interoperability. There were several reasons for performing this study, and a major such was that we have found that none of the pretty large Nordic e-government initiatives and on-line banks, actually use the browsers' built-in client-side PKI mechanisms at all, most of them rather rely on Java applets developed by various ISVs. The reason for this is very obvious: ============================================= Practically every aspect of client-side Web-PKI, ranging from on-line key generation and certification support to on-line (web-form) signing, is currently entirely vendor-dependent ============================================= Assuming that there will be billions of users of Web-PKI in a few years from now (here adding the crowd likely to use "The Mobile Internet"), it seems that there are quite a few things that need to be fixed. Regards Anders Rundgren Independent Consultant, PKI and e-business + 46 70 627 74 37 (on CET) _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
