PKI needs bolstering by other identification types, Cerf says

PKI needs bolstering by other identification types, Cerf says

Vinton G. Cerf

At eGov, experts will detail how government is getting ready for globally wired environment

By Susan M. Menke
GCN Staff

At the eGov trade show in Washington this week, agency and industry keynoters will detail how the federal government is shifting gears for a globally wired environment.

General Services Administrator David J. Barram, Commerce Secretary William M. Daley and Katie Hirning, deputy director of the National Partnership for Reinventing Government, will speak along with Computer Associates International Inc. chairman Charles B. Wang; John Seely Brown, director of Xerox Corp.'s Palo Alto Research Center in California; and Internet pioneer Vinton G. Cerf.

Cerf, a senior vice president of MCI WorldCom Inc., told GCN that the government's urgent need for a widely accepted public-key infrastructure is not being met fast enough.

'We don't do lots of things because we don't have it,' he said.

'First you need a place to find the public keys and directories. Where do the keys come from?' he asked.

'One reason for authenticating users is to figure out what they're authorized to do. But people mix up authentication certificates with authorization. User authentication does not say what the user is authorized to do.'

Cerf said PK structures must become associated with documents such as driver's licenses, passports and birth certificates. 'We need an increased amount of confidence. We must not confuse one individual with others' as PKI transactions begin to spread to financial, tax and other personal areas, he said.

'If we look for better authentication and validation,' he said, 'we have to go to a scheme for collecting other information and maybe the key pairs.' Cerf said a biometric signature such as an iris pattern could be taken at birth or registered later by employers. A smart card, he said, could hold more than one PK identifier, each carrying a different level of confidence for personal identification.

'The United States needs to trigger an event to get PK on smart cards,' he said.

Another urgent need, he said, is to explore legal e-mail addresses for citizens to which the government could send official communications in lieu of paper.

Perpetual learning

Xerox's Brown told GCN that it has become a cliche to say that knowledge is doubling every few months.

'Our skills are obsolete every three to five years,' Brown said. 'We are looking not at K-12 education but at a lifelong learning culture.'

Brown said that what he has dubbed the Web Age will leverage large efforts by a few with small efforts by many.

For example, he said, experts from government and industry could make themselves available for 10-minute Web conferences to answer students' or citizens' questions.

'To create a culture of learning,' he said, 'we have to get people more engaged with government. Agencies create monumental knowledge that is hard for the public to find. We need to open a larger discourse about the information created at taxpayers' expense.'

Brown downplayed the recent rash of hacker attacks on federal Web sites. 'It's a technical problem that is absolutely solvable,' he said. 'Put sites outside the firewall as well as inside the firewall.'

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.