> Depending on the objectives of the group, this could end up as
> an open standard with good input from the cryptographic community,
> or as yet another broken proprietary system waiting for Ian Goldberg
> or Bruce Schneier to crack over lunch :-) The web page looks positive, at
> least.
> http://www.psd-design.co.uk/radicchio/pages/pki.html

Well, except the part about the Certifying Authority "generating key
pairs" and then handing over the supposedly-private key to the
individual along with the signed public key.

This same error (or deliberate kowtow to key-escrow wiretappers)
exists in the Sonera "SmartTrust" product description at:
http://www.sonera.fi/smarttrust/certification.html

It appears that the original motivation for Radicchio is to push
Sonera's SmartTrust products into the market. There may be other
reasons, or it may grow into something useful, but don't hold your
breath.

What the "3G" (third generation) mobile phone market needs is to stop
treating them as phones and treat it like a network. I.e. publish a
standard protocol for IP access to the network, like the spec for
Ethernet cards and the RFC for IP over Ethernet (RFC 894). Let anyone
build that interface into any device! That way we'd see user-owned,
programmable, general purpose computers with 3G interfaces. These
would enable advanced applications to appear at a hundred times the
current rate the telcos and cellphone manufacturers permit them to
reach the market. And would enable end-to-end encryption, among
interested parties, that the governments of the world couldn't subvert.

Hmm, a few days ago SSH announced a partnership with Sonera on this
stuff. Perhaps Tatu will give us his views on whether they're likely
to come up with something actually intended to be highly secure (like
IETF's IPSEC) or something intended to be easy to wiretap and subvert
(like everything else in the mobile phone market).

John
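
The alternative to the CA-generated key pairs criticized in the message above, as an added example that is not part of the original post or of any Radicchio or Sonera code: the subscriber generates the key pair locally and sends only a signed certificate request, and the CA checks that signature as proof of possession without ever seeing the private key. The function names `SubscriberCSR` and `CAAccept` and the subject name `alice.example` are hypothetical; the calls are Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// SubscriberCSR runs on the user's own device. The private key is created
// here and never leaves it; only the signed request goes to the CA.
func SubscriberCSR(cn string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, der, err
}

// CAAccept runs at the CA. Its only input is the CSR: it verifies the
// self-signature (proof that the requester holds the matching private key)
// and returns the public key and name it would go on to certify.
func CAAccept(csrDER []byte) (*ecdsa.PublicKey, string, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, "", fmt.Errorf("malformed CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, "", fmt.Errorf("proof of possession failed: %w", err)
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, "", fmt.Errorf("unsupported key type %T", csr.PublicKey)
	}
	return pub, csr.Subject.CommonName, nil
}

func main() {
	key, csr, err := SubscriberCSR("alice.example") // constructed sample name
	if err != nil {
		panic(err)
	}
	pub, cn, err := CAAccept(csr)
	fmt.Println(cn, err, pub != nil && pub.Equal(&key.PublicKey))
}
```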