CFP: PKI research workshop

Ray Dillinger bear at
Tue Dec 25 12:35:25 EST 2001

On Sat, 1 Dec 2001, Carl Ellison wrote:

>To a large extent, the hoped-for public key infrastructure (PKI) has
>not "happened yet."  PKI for large, eclectic populations has not
>materialized; PKI for smaller, less diverse "enterprise" populations
>is beginning to emerge, but at a slower rate than many would like or
>had expected.  Why is this?

Inherent conservatism of the financial business world.  The only
way you're going to get a PKI going fast is if people can use it
to do financial transactions they couldn't do before.  I mean,
there are other uses for PKI, but money is the heart and soul of
it because money is usually the only application people have where
security is important to them personally.  And you're not going to
get people to use it for money unless you can do it while all the
bankers and all the merchants get to do business with the same
companies they're doing business with now, the relatively few
"people" whom they trust with their money.

So far, PKI's have been mostly advanced by new companies which don't
have hooks into the infrastructure of financial services yet.  So
you get failure of interoperability, and a certain amount of FUD.
The ones that have been advanced by the companies who are among the
trusted elite, have been incomplete or flawed on technical grounds
(although that may be less of a barrier to adoption than initially

It's not like these barriers are going to last forever; they're
getting used up, and companies like VISA are now trying to develop
some kind of authentication scheme.  But they're not used up yet.
Hey, don't be too discouraged; have a little perspective. It's
going a lot faster than the adoption of paper money went.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list