[Top] [All Lists]

Re: e-Government uses "Authority-stamp-signatures"

2002-12-14 10:13:11


Late-breaking news received off-list!  Apparently the Estonian 
( )
and Italian e-Governments are also working along similar lines
as their Swedish counterpart.  Everybody seems wanting to get
credit for being a part of the paradigm-shift!  Who's next? :-)

now to the technicalities....

As you probably have noted, technologies for server-based secure
messaging are currently in a state of extreme flux, so all efforts
are likely to be more or less "home-brewed".  Or built on s.c.
"standards" that are obsoleted a year or two after being intro-
duced which is about the same thing. :-(

I believe that DOMSEC has unfortunately already met its maker.
Even SMTP and S/MIME will diminish in importance due to the
"Web Services" craze.  The practically "frictionless" [transport]
encryption offered by HTTPS as well as the support for synchronous
operation are absolutely crucial in many scenarios.   SMTP will
in the O2O context probably be "degraded" to a user-notification-
tool for otherwise Web Services-based messaging and work-flow.

Long-term all these systems will probably (hopefully?) converge into
"true" Web Services using WS-Security and XML Signatures.

Anders R

----- Original Message ----- 
From: "Peter Gutmann" <pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz>
To: <anders(_dot_)rundgren(_at_)telia(_dot_)com>; <ietf-pkix(_at_)imc(_dot_)org>
Cc: <ietf-smime(_at_)imc(_dot_)org>
Sent: Saturday, December 14, 2002 03:45
Subject: Re: e-Government uses "Authority-stamp-signatures"

[CC'd across to ietf-smime]

"Anders Rundgren" <anders(_dot_)rundgren(_at_)telia(_dot_)com> writes:

It may be interesting to know that Swedish authorities are currently
launching a Web Services-like system called SHS, where authorities
communicate with each other through web-server "nodes" where out-going
messages are automatically signed by the authority identified as an "entity"
(organization), rather by an individual associated to the authority.

Does this follow a particular model like DOMSEC, or is it yet another roll-
your-own?  There appear to be a number of groups doing DOMSEC-like things, but
everyone's doing it differently...


<Prev in Thread] Current Thread [Next in Thread>