PKI investigation labelled a waste of time and money

NEWS The EC this month launched a two-year investigation into the problem in partnership with the European Forum for Electronic Business (EEMA). But according to Dr James Backhouse, director of the London School of Economics Computer Security Research Centre, the project is misguided. He told silicon.com: "[PKI] interoperation isn't prevented by the fact that certain types of software can't talk to each other." Backhouse is leading a Department of Trade and Industry-funded project designed to solve the same problem, but the scheme - dubbed Fiducia - will ignore the issue of competing PKI technologies. Fiducia instead aims to map the legal and semantic differences between encrypted certificates, eventually creating a database of rules and procedures to allow users to accept different types of certificate regardless of technology. BT, US firm Presideo and PKI company InterClear are all involved in the 18-month Fiducia project. Simon Lofthouse, marketing manager at InterClear, claimed arguments over technology interoperability are clouding the real issue of wide-scale deployment of PKI. "People and organisations are being led up the garden path by vendors banging on about technology," he said. "We can solve technology interoperability, but once you've solved that you still have problems with different rules and regulations." A number of standards for PKI already exist, including digital certificate standard X509 promoted by the International Telecoms Union (ITU) and International Standards Organisation (ISO). Lofthouse added: "PKI is not a difficult technology to use. You can run a PKI based on the technology you already have. Technology vendors are not helping the situation - they're just putting users off." Fiducia was announced in October as part of a DTI drive against crime and fraud on the internet. At present, the scheme has no start date because of complications surrounding the involvement of Presideo, but Backhouse told silicon.com he is confident of a quick resolution.