again because of the signature, because you need proof that this was indeed something
that someone had authorised.
And the same goes for some EOP systems in large organisations where you have
people requesting budgets and people authorising budgets and people supplying various
things, and they do it using internal EOP systems or various other electronic forms, but
because of the signatures it ends up as paper again. Now you go to EMC and say that you
can save them this last piece of paper so why do they not use electronic digital
signatures? And they agree that this is a good idea. And then they look at what is
involved in setting up a digital signature system for 19,000 employees, and they decide
that paper is fine so they will just stick to the old way of working. Setting up a PKI
system is just going to be too painful for them. So this is the situation today and the
question is whether we can make the digital signature system simpler and therefore
affordable, and ultimately useful.
Why is today's technology so complex? Why is PKI so complicated? I can give you
my view on why PKI and the current technology are so complicated. The reason is that
PKI tries to solve too many problems with one solution. There is one solution that solves
all the problems. It solves your authentication problems, your encryption problems, your
digital signatures. In fact, it works in all environments, whether you are a large
enterprise or whether you are trying to solve a B-to-B problem, a B-to-C problem, or a
G-to-F problem. Tell me what your problem is and I will give you this small nuclear
reactor that you have to install at your data centre. It will solve all your problems and by
the way, it is a little bit sensitive and you have to take care of it and maintain it and set up
a help-desk with about a hundred people who constantly give you support, but - it solves
all your problems.
4. KEYS AND USER MANAGEMENT SYSTEMS
Unfortunately it does not solve the most painful problem of all, which is the
management of the keys, those secret keys that people have to walk around with which
prove their identity and allow them to perform the signature operations. The solution for
managing those keys does not come with the existing PKI solution. So if you have to
deploy a PKI system for an organisation that has 30,000 users how do you manage the
keys? How do you make sure that people have access to these keys? When are they
allowed to access these keys and when are they not allowed to access them or are they
allowed to access them at all? How do you distribute these keys? How do you maintain
them? How do you make sure that when there are changes, these are reflected?
Unfortunately, there is currently no good solution to this problem. Some people give
smart cards or other solutions. I know this very well as we have sold solutions to many
companies. Hardware is expensive, as people tend to lose it or forget all sorts of
information in it. It is very difficult to synchronise it with the latest version.
Supposing you have 30,000 machines in your organisation, you now have 30,000
secret keys all over the place, but do you actually know that all these 30,000 PCs are
secure enough? What happens when someone wants to use the computer on his laptop,
in his office, his laboratory and then at home? You have to have import and export keys
and it just becomes a nightmare and you end up not using the system at all.
So, the solution is, as always in these cases, to specialise. Let us not try to solve all the
problems of the world with a single solution. Let us examine a very restricted form of the