
PKI is failing, say Sun and Microsoft

Peter Judge ZDNet.co.uk

Published: 09 Oct 2002 09:42 BST


Public key infrastructure (PKI), which was supposed to use public-key cryptography to set up a worldwide network of bodies authenticating digital signatures and certificates, has failed to take off because it is too complicated.

According to experts speaking at the RSA security conference in Paris, PKIs are simply more heavyweight than users were ready for, and key initiatives had failed to drive them into use.

"There are barriers of cost to PKI," said Craig Mundie, chief technology officer of Microsoft. "In general it will end up viewed as a heavyweight mechanism, compared to lower value mechanisms." He likened the requirement to that for multiple locks, from luggage locks to bank vaults.

"There are two things driving adoption of security techniques: cost and usability. If it is too hard to use or costs too much, users will reject it."

According to Whitfield Diffie, chief security officer of Sun Microsystems, the slow progress of PKI is due to the failure of big projects to promote it. "PKI will take off, but it has slow growth," said Diffie. "Two organisations in the US could have promoted it -- AT&T and the US National Security Agency (NSA). AT&T was broken up, and the NSA was balled up in policy initiatives. No one else has deep enough pockets or the moral authority to get PKI established."

The problem is that PKI is only really valuable when everyone else has it, said Diffie. "When only a few people have it, it is not worth adopting." In the mid-90s, NSA wanted to mandate an extra PCMCIA slot on laptops, said Diffie, which could be dedicated to authenticating users through a token on a PC card. The idea stalled, and no comparable scheme to introduce PKI has emerged.

There are still government-backed projects attempting to push the introduction of PKI. Microsoft is involved (along with Baltimore, RSA and Verisign) in one of these -- the PKI Challenge, a two-year project to test interoperability of PKI, backed by the EU and run by EEMA. Formerly known as the European Electronic Messaging Association, and dating back to previous (failed) government-backed efforts such as X.400 email, EEMA now calls itself the European Forum for Electronic Business.

Peter Judge reported from the RSA Conference in Paris.

