We will stick with the electronic ID example because
it exemplifies the phenomenon well.
The Babel of Cryptography 67
We are currently experiencing a Cambrian explosion of electronic
IDs (eID for brevity): different form factors, different technologies,
different intended usages, different requirements, and
different security guarantees. There are USB thumb drives with
fingerprint readers, plain smartcards, small number generators,
simple external storages, and so on. What's relevant in our context
is the usage of certificates on eID. Again, there are many
different flavors in this category alone. For the sake of our discussion,
we consider only those functionally equivalent to
smartcards (including smartcards themselves). We already described
the technicalities of smartcard usage, and hence we can
concentrate on the special features of applying this technology
to the case in point.
Here we have all the same problems we had with smartcards
outside of a corporate environment. Those are not unsolvable
problems, just very expensive ones. Actually, we also have some
new challenges induced by the intended usage of eIDs. Our
discussion of client certificates so far has worked on the implicit
assumption that the certificate is just the active part of the user
credentials, while the account (hence the identity) would live on
the machine offering the requested service.