Some more on this topic.
Some TTP CAs (read: banks) have modeled their services after
their payment services. E-governments have signed up such CAs
to supply citizen certificates. Although I am fully convinced that
banks have an important role to fill in a TTP-based market (as
the on-line banking security requirements and on-line e-government
security requirements are likely to be very similar), I strongly believe that
the four-corner model where each receiver (a.k.a. relying party)
must have
- a business contract with each trust network
- a unique relying party ID for each trust network
- a proprietary software installation for each trust network
and pay for each revocation check, is something that governments
should reject. For more details see:
http://www.x-obi.com/OBI400/e-government-ID-A.Rundgren.pdf
Another problem I see with this model is that it seems rather impossible
to support secure e-mail between individuals as e-mail packages
cannot easily match the requirements above.
Anders Rundgren
Consultant PKI and secure e-business