However, it cannot be encrypted speci?¬?cally for any service. At
the issuance time of the eID, the target services are not known,
exactly like you didn??™t know which countries you would have
visited the day in which you got your passport. What works for
of?¬‚ine documents does not necessarily hold for electronic ones.
In the online world it is much easier to copy data just by seeing
them once, while at the same time it is much harder for the user
to understand what is going on in terms of information ?¬‚ow. As
a result, the system is prone to abuses, and the privacy of users
can be at risk.
There is another problem associated with data: Just as there??™s no
clear way of storing assertions on a certi?¬?cate, there??™s not a
place for the data in protocols either. The SSL speci?¬?cation mandates
where to put the certi?¬?cate in the communication streams
described by the various phases of the protocol. Everybody who
Using hard tokens
as electronic IDs
entails interesting
challenges
Even if a system
standardizes on the
use of certi?¬?cates,
certain aspects may
still prevent interoperability
The Babel of Cryptography 69
implements this function in his product will be reasonably sure
that he will interoperate with everybody else.
Pages:
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134