[LINK] What's changed in PKI? [was: Electronic witnessing ...]

Roger Clarke Roger.Clarke at xamax.com.au
Fri Jul 30 17:34:46 AEST 2010 

Great update tutorial, thanks Stephen!

But, moving onto some interesting specifics ...

At 17:04 +1000 30/7/10, Stephen Wilson wrote:
>The more modern PKI approach is to delegate "RA" functions to bodies
>that are already entrusted to perform enrolment in defined contexts (and
>dedicate the certificates to associated applications).  ...  I was
>involved in a pilot some years ago where Medicare's PKI "HeSA" issued
>digital certificates for small communities of interest like hospitals,
>and medical specialities, intended to be used only for select
>applications (like signing discharge summaries for a hospital where you
>work).  The idea was to carry forward to NEHTA.

Nicely nailed.

The concept of 'bodies that are already entrusted to perform 
enrolment in defined concepts' naturally leads to ... Medical 
Registration Boards - currently being merged into a singular - and/or 
Colleges like RACGP.

So what the blazes were the likes of Medicare and NEHTA doing in there??

[Sorry, but I just couldn't resist.]


>>  Has anyone ever implemented a private-key protection technology that
>>  can work in the wild, wild world of Internet-connected consumer
>>  devices (as distinct from tightly-controlled thin clients within
>>  closed networks)?

>Absolutely.  The best thing to do with private keys is keep them in
>personal hardware security modules, aka smartcards and their kin. ...

And what authentication mechanism protects against any old passer-by 
invoking the highly-secure signing capability on the chip?

Okay, there are many answers depending on the context, but:
(1)  every one of them needs a risk assessment to determine how much
      security is enough;  and
(2)  the nominal strength of the 1024/2048-bit asymmetric encryption
      is undermined by the inherent weakness of the invocation mechanism


-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list