Slashdot Mirror
Korea Post Office Supports XPCOM Based E-Banking
Channy writes "Mozillazine is reporting that the Korean Post Office has decided to support Mozilla Firefox for internet banking and has started the developement project of an XPCOM based internet banking system. From the article: 'In past there were no web browsers for 128 bit encryption except Opera 3.5 for international users when Korea started internet banking services in 1998.'"
The article is a little ambiguous - this seems to be only for SEED, a Korean only strong encryption algorithm, which itself isn't native to browsers, which is why they required activex in the first place.
I'd say it's because they have all their SEED technology in place, and don't want to replace that. Especially since it currently works. Producing a XPCOM based plug-in for Mozilla based browsers lets them connect to SEED encrypted connections, without replacing infrastructure.
You're completely mistaken if you think that North and South Korea would want anything to do with each other. Here's a hint: there's troops on each side of the border between them.
"It's time for us to put an end to history of dissension, and open an era of national integration. This also means laying the grounds to surmount division, and to ring in a reunified era ruled by peace and prosperity."
- South Korean President Roh Moo-hyun
Sure, there's some tension there, but I think saying that they want nothing to do with each other is a bit much. That'd be a better characterization for Pakistan and India, where some of the people actually dislike each other. I don't think the North and South Korean people actually dislike each other, but one group just happens to be ruled by a crazy dictator.
http://www.mozilla.org/projects/xpcom/xpcom-standa lone.html
"Yields falsehood when preceded by its own quotation" yields falsehood when preceded by its own quotation.
First, I'm a Korean citizen who uses on-line banking every day.
Just as the article mentions, 128-bit SSL wasn't an option when the internet-based banking started on 1998, so Korea had to develop their own standards. Since there are more than 10 million SEED-based certificates issued on this country, changing the whole infrastructure into SSL would be crazy.
Yes, certficates are issued to everybody who needs an on-line banking account, since itself is used as an authentication method. To get a certificate, you have to visit any bank that you have an account, ask them for on-line banking, and they will give you a one-time password for issuing your certificate (valid for one week).
Everything else is handled on-line. Since the authentication system is a national standard, it works with any bank, any credit card company, and I remember it also works on the stock market. You don't need any offline registration to use it on another bank.
The certificate is password-protected, just like any other certificate. I believe the certificate is node-locked. If you want to export/import the key, you need the password associated with the key.
I'm not sure how many of these kind of features are supported by SSL, but even if IE/Firefox/Opera's SSL has more features, I don't think it's a good idea to replace a system that works well. Yes, I hate ActiveX, but I don't want to see 10+ million Korean citizens visit the bank for re-issuing their certificate.