[Top] [All Lists]

e-Gov: Distributing confidential information

2003-02-15 09:17:20

Here are some thoughts regarding how e-governments (and companies)
could efficiently distribute confidential information to citizens 
(or employees).  Note: The following discussion only applies to
information from an (non-personal) authority to an individual.

In spite of being the foundation for many PKI-based ID-programs,
I doubt that S/MIME will play any major role in e-government
systems as these typically are built as on-line (web-based) services.

The problem
Now, in case a government authority is to send you confidential
information, I believe they should not use encrypted mail as this
will most likely lead to huge support problems with key-
distribution, key-expiration etc.

A simple remedy
e-Governments could preferably e-mail the recipient a web-link (or just
a notification) that he or she uses to fetch the confidential information with.
That is, after the recipient have authenticated to the on-line authority.
This scheme is also aligned with an "account-based" authority where
you may have tasks in various stages.

The "web-way" allowed on-line banks to address the ordinary consumer
and is proven to work on a major scale, while signed and encrypted
mail is after more than ten years, still very sparsely used.

My 2 cents.

Anders Rundgren
Consultant, PKI and secure e-business
+46 70 - 627 74 37

<Prev in Thread] Current Thread [Next in Thread>
  • e-Gov: Distributing confidential information, Anders Rundgren <=