One certificate doesn't work for all
- By Dibya Sarkar
- Mar 16, 2003
While some organizations are moving toward creating a public-key infrastructure, others are still holding back before jumping in.
Ohio chief information officer Greg Jackson said his organization looked into creating a central PKI authority and asked other agencies to make a business case for applications requiring such a system. He said he could only justify one application — local health boards transmitting infectious disease reports to the Centers for Disease Control and Prevention — that would have required a higher level of authentication. All others would have just needed passwords and user IDs to access them.
"That's a technology looking for a solution," he said.
He was also concerned about the liability of a government, which acted as a certificate authority. He likened it to the issue concerning driver's licenses — originally issued only as legal permission to drive — being used as de facto national identification.