[16257] in cryptography@c2.net mail archive
Re: Customs and Excise Electronic Returns
daemon@ATHENA.MIT.EDU (Ian Grigg)
Thu Sep 30 11:46:06 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 30 Sep 2004 00:03:13 +0100
From: Ian Grigg <iang@systemics.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Cryptography <cryptography@metzdowd.com>,
RISKS <risks@csl.sri.com>
In-Reply-To: <415AA520.7020301@algroup.co.uk>
Ben Laurie wrote:
> So, after all that, I totally understand why everyone thinks PKI is
> hard. I'm all for the username/password thing. Its free, too.
PKI, and the Customs & Excise's, mistake was to assume that a
key is only useful if it is signed by someone else. From a
system point of view, this will require massive benefits to
make it work. As there are few massive benefits if any over
a username / password combo, then that's what they'll use.
It might be worth pointing out to them that the US' Government
Accounting Office is downbeat on the use of PKI.
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
