gnome-keyring KMIP/Mobile Banking. Re: GNOME keyring for Ubuntu/Mobile

[Anders Rundgren <anders rundgren telia com>]

On 2013-03-22 20:02, Martin Paljak wrote:
> I've tried to digest KMIP but don't quite get the point. 
> If somebody could explain in a sentence or two why i would want to use it, would be nice.

If your thing is storage and PCI compliance, KMIP is probably for you.

The KMIP charter is though pretty bogus because the conveners didn't realize that key-management for "slave 
devices" and human-owned/operated mobile devices are two distinct use-cases that doesn't benefit from a 
single standard.

For the latter the Linux world is stuck with a student hack from 1995 known as <keygen>.

That's why I and _thousands_of_other_developers_over_the_globe_ on pretty expensive consulting contracts are 
building completely unique key-management solutions for "mobile banks".

It is possible that the the platform owners believe that the banks' IT-folks are morons.
Personally, I think the problem is rather that the banks and platform owners probably never ever have met!

Anders

> -- 
> Sent from a device without a proper keyboard...
>
> On 22 Mar 2013 19:54, "Anders Rundgren" <anders rundgren telia com <mailto:anders rundgren telia com>> 
> wrote:
>
>     On 2013-03-22 11:11, Stef Walter wrote:
>     > On 03/22/2013 10:13 AM, Anders Rundgren wrote:
>     >> IMO mobile devices need something else than GCR; they need a integrated
>     >> keystore and enrollment system.
>     >
>     > gcr is just a library with some widgets and some bits for prompting,
>     > parsing certificate files, and so on. Nothing fancy, just a grab bag of
>     > tools.
>     >
>     >> The competition will have that at least:
>     >>
>     >> http://webpki.org/papers/PKI/certenroll-features.pdf
>     >>
>     >> This is running in a PoC format on Android.
>     >>
>     >> To succeed you also need to bring in Mozilla who also work
>     >> with their own Mobile OS (which is lagging wrt user-keys).
>     >>
>     >> I would be interested in working with this but I feel that
>     >> everybody is really waiting for Google since they are the
>     >> market leader in this space.
>     >
>     > Anders, you keep bringing up certificate enrollment on every mailing
>     > list. I applaud your enthusiasm, and that's certainly something that
>     > worthwhile to work on.
>     >
>     > But just talking about it non-stop doesn't help it get done. I would be
>     > keenly interested, and a big fan, if you were to work on integrating
>     > this into Linux (desktop or otherwise).
>     >
>     > I would support work to integrate this into our stack (gnome-keyring,
>     > seahorse, gcr, ...), if that's how you want to go about it. Or if you'd
>     > rather do something separate, then that's cool too.
>
>     I think the problem with this issue is that scope of the project goes
>     over so many different pieces that there's no chance for an individual
>     to master it all.  This is probably the reason why Microsoft never
>     managed creating am enrollment system for consumers.  Can the Linux
>     community do that?  In theory they could but in practice it seems
>     unlikely unless some of larger parties pay for the job.
>
>     In case you are really interested we should have a virtual conference
>     about certificate enrollment and key-stores.
>
>     >
>     > Perhaps you've already done work here, so maybe I just haven't seen work
>     > to integrate it into any Linux platform that I regularly interact with.
>     >
>     > Are you part of the KMIP technical committee?
>
>     I think KMIP will get zero support from the big vendors because
>     it doesn't address consumers' needs.
>
>     Cheers,
>     Anders
>
>     >
>     > Cheers,
>     >
>     > Stef
>     >
>
>     _______________________________________________
>     gnome-keyring-list mailing list
>     gnome-keyring-list gnome org <mailto:gnome-keyring-list gnome org>
>     https://mail.gnome.org/mailman/listinfo/gnome-keyring-list