I don't know if the same analogy applies here. While Visa and other
people may quickly develop and deploy a "secure" system, it is
safe to say that RSA is one of the few "standard" data encryption
systems in use. This has several benefits:
1) Well-understood and analyzed. This lends credibility to any
system that uses RSA since it is unlikely there are backdoors
in the basic encryption technique. This is not to say a particular
implementation (e.g. Netscape's problem with generating good keys)
is not vulnerable.
2) RSA implementations are likely to be more interoperable. I am sure
VISA would like to be the only system used for electronic commerce.
So would Mastercard, AmEx, etc... All these companies might generate
propriety solutions. However, these solutions become expensive to
maintain and implement for most businesses. So far, the internet
has shown the proprietary solution lose in the long run.
3) Encryption will be used for more than just commerce. When widely
deployed, it could be used for authentication, privacy, etc... The
types of applications that could use encryption would range from
simple request of services (login, printing, etc...) to mail to
transactions of all types. The Certicom/VISA system would need
to grow into these area or be left behind.
4) A number of RSA-based applications are already deployed and in
use. The expeience with Privacy Enchanced Mail (PEM), Netscape,
and even PGP should help drive future applications.
With the Internet involved, I would bet on a company that has a
solid "open standard" solution over a proprietary solution anyday.
The big risk I see with encryption is the lack of a good authority
to manage encryption certificates. The lack of a trust-worth
certification authority, IMHO is a major roadblock to wide-spread
deployment. |
