Do you trust A-Trust?
... trustfulness or cartel ;-)
It will have been a year ago that I've visited the Austrian government portal for citizen services.
With the social card (e-card) each Austrian has the possibility to use this card as digital signature card. With the card and a card reader for your computer (something I don't have) you could use online services to communicate with governmental authorities.
The alternative is to visit offices in person or mail via postal carrier.
So it would be quite a nice, comfortable way.
Yes, but for the SSL certificates used on the secured websites it is difficult for the citizen to trust...
The certificates of the sites are signed by a certificate authority of the "A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH".
The certs are not signed by an official CA known by each browser installation.
So on a visit of those websites your browser would normally warn you like this...
To be sure that there is nobody listening on your line (man in the middle) you have to check that this certificate isn't created by the man in the middle.
It could be done only if you may compare the provided certificate with another trusted certificate. That is impossible.
Something embarrassing for a government and a company selling Internet security related products, isn't it?
Ok, I'll see... maybe the next year I can buy a card reader...
With the social card (e-card) each Austrian has the possibility to use this card as digital signature card. With the card and a card reader for your computer (something I don't have) you could use online services to communicate with governmental authorities.
The alternative is to visit offices in person or mail via postal carrier.
So it would be quite a nice, comfortable way.
Yes, but for the SSL certificates used on the secured websites it is difficult for the citizen to trust...
The certificates of the sites are signed by a certificate authority of the "A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH".
The certs are not signed by an official CA known by each browser installation.
So on a visit of those websites your browser would normally warn you like this...
To be sure that there is nobody listening on your line (man in the middle) you have to check that this certificate isn't created by the man in the middle.
It could be done only if you may compare the provided certificate with another trusted certificate. That is impossible.
Something embarrassing for a government and a company selling Internet security related products, isn't it?
Ok, I'll see... maybe the next year I can buy a card reader...