This year, the world as we knew it has collapsed. Humankind deserved a warning about the non-sustainable way of life, although the price we have been paying since then is enormous and very sad. In this blog post, we will try to distract you and highlight the PKI-related developments of 2020.
In 2019, Microsec colleagues travelled all over Europe, and we were planning to establish new business relations, contribute to worldwide standardisation and pioneer PKI implementation developments in 2020, attending in person on three continents. Well, we made it all happen, right in strangers’ homes and by inviting them into our living rooms. Not in person, but almost. The online meeting has become the default way of holding discussions. During the spring months, we were whining about the lack of personal sessions and the lack of small talk. The second pandemic wave found us prepared. Nobody wanted to meet or travel any more. Mindsets were reset. Climate change? Put together, the business trips we at Microsec made in an average year before 2020 would fill a mid-size narrow-body aeroplane on a return flight between Budapest and Berlin. This year we flew nowhere but attended every single forum we had planned, from America to Asia. The use of PKI and certificate-based electronic signatures also helped us and our new partners to avoid any extra load on postal logistics, not to mention the number of days or weeks we saved on “airport no-show”. Our recent electronic signature subscribers had similar goals and conclusions. The reduction in emissions from our fuel usage was also significant, thanks to default home office work and almost no commuting during this year.
Crises always have winners, too. Online meeting platform providers, delivery services and all kinds of electronic signature solution developers had to scale up their capacities this year. Since a qualified electronic signature certificate requires a step of personal or equivalent ID verification, governments suddenly began to rethink the legal environment of online video identification. QTSPs of a couple of EU member states are now allowed to substitute online video identification for the compulsory personal meetings. Competent legal experts developed a way of concluding a contract between e-signature-capable and paper-based parties. E-signature users finally started to realise the importance of qualified electronic signatures, and now they can distinguish between a biometric and a qualified signature.
The revision of the European eIDAS Regulation is scheduled for every four years. The pandemic caused a hiccup in this process, but the timing could not be better. Electronic signature interoperability and validation check processes are in urgent need of more precise homogenisation within the EU. The eIDAS review process started in 2020 and will be completed in 2021. Hopefully, it will contain a detailed description of how a non-EU third country can join the eIDAS framework. Apart from the Brexit-hit entities, more and more like-minded countries have been showing signs of interest lately.
Discussion about quantum computing became more pragmatic in 2020. Industry forums have established workgroups and task forces to prepare applications to be “quantum-safe” or to think about ways of operating based on quantum computing, because as computing power increases, the clock is ticking ever louder. American giants made “quantum supremacy” a reality last year, and the Chinese caught up as well in 2020. We will keep an eye on the European developments of 2021 as well.
Two challenges were left unresolved in 2020. The second is the details of Brexit. The European Union has been developing a decent fintech ecosystem during the past couple of years. Not so surprisingly, UK-based Third-Party Payment Service Providers dominate the PSD2 world in number; thus, with Brexit, we sadly have to say goodbye to more than a third of the overall European providers. The PSD2-specific seal and website authentication certificates are used even in domestic UK transactions, but the PSD2 Directive does not apply to non-EU countries. What will happen after New Year’s Eve? The corresponding regulatory-business-legal-technical discussion is at the very same stage as the agreement process between the EU and the UK representatives, days before the 1st of January 2021. For now, we may possibly rely on a temporary bridging concept.
In the past several years, there have been lively discussions about algorithm usability and the corresponding sunset dates, mostly regarding that of the good old RSA. In 2020, a new version of the SOG-IS Agreed Cryptographic Mechanisms paper was published that gives most legacy algorithms five more years of usability, and three for 2048-bit RSA. This is likely to be reflected in the new version of ETSI’s AlgoPaper (TS 119 312) as well, so users of RSA-based certificates need not worry for now. However, as this deadline will probably not be extended any further, a good option is to migrate to the ECC-based solutions recommended by the international community. We will follow up with a more detailed analysis of this topic in our future blog posts, so if you are interested, we highly recommend reading them.
It has been a tough year, but some questions are still left unanswered: will we be able to exchange paper-based business cards in 2021? And maybe even more importantly: will we be able to keep this year’s change from paper-based to electronic administration forever?