Although Public Key Infrastructure (PKI) technology was a hot topic at the RSA Data Security Conference, the likelihood that a global PKI mechanism will emerge appears more remote than ever.
But many people believe there should be just one global PKI effort, which would mean each individual could be identified by a single digital certificate that was issued by a universally trusted body.
Digital certificates, which are issued, managed or retracted by a Certification Authority (CA) using a PKI mechanism, are an important component of public and private key encryption schemes. A certificate connects an individual to his public key, uniquely identifies him and enables other individuals to retrieve that key.
Customers can also use the key to encrypt email messages so that only the intended addressee can decrypt it with his private key.
Certificates likewise enable individuals to prove their identity online, for example, when logging onto a corporate extranet or when buying goods over the Internet, which means they are a key enabler for electronic commerce.
But, on the downside, certificates are only as trustworthy as the CA that issued them and no global PKI mechanism has emerged so far.
Instead, many companies are offering digital certificates over the Internet, while some enterprises are building their own internal PKIs with software from Entrust, VeriSign, Netscape or a fast growing list of other providers.
A number of different CAs such as VeriSign and Entrust are also currently attempting to build global networks.
VeriSign has established the VeriSign Trust Network, a network of interoperable CAs, and at the RSA Data Security show in San Jose this week, Entrust announced a similar scheme, dubbed Entrust Worldwide. Members commit to certain business practices and procedures, which make it easier for participating CAs to cross-certify their products, which means, in practice, accepting each other CAs? certificates.
But there has been some progress towards creating a PKI standard, and the X.509 digital certificate specification is now almost universally accepted.
The Internet Engineering Task Force (IETF) is also working on a PKIX standard to define interoperability between PKI mechanisms, which will make it easier for CAs to cross-certify their offerings - although this still requires some level of trust between the participants.
And establishing that trust may not be so easy. "VeriSign hates Entrust, and Entrust hates VeriSign," reveals one executive with an encryption company.
But Stephen Kent, GTE CyberTrust?s chief technology officer and chairman of the IETF working group that is defining PKIX, says: "I don?t believe there will be a global PKI. I think there will be a number of PKIs."
He continues that individuals are more likely to have ten or more digital certificates to certify their identity. "The challenge for technologists is to make this transparent to the user," he says.
Digital certificates will match the physical world, and there will be separate ID for different occasions in the same way many people today have multiple physical documents such as a driver?s license, passport, social security card or credit card.
But Kent believes there are two possible approaches to establishing a global PKI mechanism. One is to establish trust between different CAs, which is a difficult approach, and he says, not the best solution.
The other alternative is to change the basis on which certificates are issued and trusted. "Real world institutions ought to be the Certification Authorities, [at least] nominally," he argues.
He adds: "I am an employee of GTE, so my certificate should be issued by GTE" because corporations are best placed to know whether their own employees are who they say they are, although they could decide to outsource this function to a company like VeriSign, if necessary.
As for online shoppers and consumers, Kent believes credit card companies are the best placed to deal with this market.
New cable will connect Virginia to France
Loon's balloons will bring the internet to remote areas of the country
New clues into the biosphere on Earth in the lead up to the emergence of animal life
Planetary collision might shed light on the chaotic processes behind a star's early development