Cyberspace – the interdependent network of information technology components that underpins many of our communications – is a crucial component of the Nation’s critical infrastructure. We use cyberspace to exchange information, buy and sell products and services, and enable many online transactions across a wide range of sectors, both nationally and internationally. As a result, a secure cyberspace is critical to the health of our economy and to the security of our Nation.
As I posted on Twitter after seeing that: The use of the word "Cyberspace" to refer to the Internet helps us identify the idiots, old white guys and just generally clueless people.
The very disturbing thing is that "cyberspace" by term literally means the space between yours and my connection to the internet, be it phone line, cable, whatever.
Such broad usage of terminology and the idea of regulating it is wholly disturbing to me. This literally means everything from the last-mile connection from my ISP to my website is potentially up for interference from the government.
Why do I have the feeling that this will somehow be related to a massive crackdown on piracy?
Why is the federal government's involvement necessary? We have a (mostly) workable PKI system for SSL certificates. Why does a consumer-focused PKI require government coordination?
I think the lack of a widely deployed PKI for authenticating consumers' identities is an indicator that a novel approach is required, but what can the federal government do that an independent (perhaps multi-national) organization could not?
You've gotten to the real issues here. If the problem is lack of industry consensus (i.e. N standards instead of one), maybe the government can bully the industry into picking one.
We are "very early" in the sense that we're in the same place as 1996: usernames, passwords, credit card numbers, and SSL. (Or maybe we're worse off, since we didn't have much phishing in 1996.) What is it going to take to get some progress here?
It's not the government's job to pick winners and losers. Think about the words you selected: bully and progress. Together those don't sound very democratic to me. It's ends justifying the means thinking that gets well-intentioned people into trouble. Progress is people wising up about security, not forcing them to use certain technologies.
Bruce Schneier wrote an excellent article on PKI risks (http://www.schneier.com/paper-pki-ft.txt). Should be interesting to see how many of those are addressed as this scheme comes to fruition. It has the potential to become a highly useful backdoor intelligence gathering mechanism. This is a honeypot that the three letter agencies won't be able to resist.
Exactly. It will also make ID theft easier because there will be a single point of failure. This is like one password for the web. I don't like this at Google. It is easier but much less safe.
http://www.dhs.gov/xlibrary/assets/ns_tic.pdf
Basically an ecosystem of privately run PKI systems, with an independent governance board and standards body.