Korea Post Office Supports XPCOM Based E-Banking

Channy writes "Mozillazine is reporting that the Korean Post Office has decided to support Mozilla Firefox for internet banking and has started the developement project of an XPCOM based internet banking system. From the article: 'In past there were no web browsers for 128 bit encryption except Opera 3.5 for international users when Korea started internet banking services in 1998.'"

Obl. "In Korea ..."

[weighn]

Only old people use secure internet banking.

The kiddies are swapping cvs details over Telnet.

SEED?

[erikharrison]

The article is a little ambiguous - this seems to be only for SEED, a Korean only strong encryption algorithm, which itself isn't native to browsers, which is why they required activex in the first place.

Re:SEED?

[Channy]

In past, there were no 128bit browser for international users. But, 40bit is very weak for financial service. So Korea chose plugin based internet banking and made own 128bit algorithm called SEED. Firstly, both NSPlugin and ActiveX were supported. After browser war, there is no market share of Netscape. So most of banks stop NSplugin. The SEED goes to world standard. http://www.ietf.org/html.charters/smime-charter.ht ml http://www.ietf.org/internet-drafts/draft-ietf-smi me-cms-seed-02.txt

Not quite following...

[uits]

Because they were unable to use 128bit SSL in 1998, they are going to develop internet banking that is dependent on Mozilla XPCOM, instead of taking a cross platform standard SSL approach now?

While Mozilla is ostensibly a better platform to be locked into than Microsoft, is this really a big benefit?

Someone please translate for the layman (me)

Re:Not quite following...

[ihavnoid]

First, I'm a Korean citizen who uses on-line banking every day.

Just as the article mentions, 128-bit SSL wasn't an option when the internet-based banking started on 1998, so Korea had to develop their own standards. Since there are more than 10 million SEED-based certificates issued on this country, changing the whole infrastructure into SSL would be crazy.

Yes, certficates are issued to everybody who needs an on-line banking account, since itself is used as an authentication method. To get a certificate, you have to visit any bank that you have an account, ask them for on-line banking, and they will give you a one-time password for issuing your certificate (valid for one week).

Everything else is handled on-line. Since the authentication system is a national standard, it works with any bank, any credit card company, and I remember it also works on the stock market. You don't need any offline registration to use it on another bank.

The certificate is password-protected, just like any other certificate. I believe the certificate is node-locked. If you want to export/import the key, you need the password associated with the key.

I'm not sure how many of these kind of features are supported by SSL, but even if IE/Firefox/Opera's SSL has more features, I don't think it's a good idea to replace a system that works well. Yes, I hate ActiveX, but I don't want to see 10+ million Korean citizens visit the bank for re-issuing their certificate.

Re:Now

[strcmp]

Why should they drop support for IE? It's still the most widely used browser, despite its many flaws.

This is no worse than saying that they should drop support for Safari because it's so sparsely used.

Re:which korea?

[damsa]

North Korea doesn't have internet nor money. My bet that this is South Korea.

Re:Now

[killjoe]

The average person will eat whatever you shove down their throat. MS knows that, Politicians know that, why don't you know it?

Re:Is there a STANDALONE xpcom release?

[strcmp]

http://www.mozilla.org/projects/xpcom/xpcom-standa lone.html

Post office

[DavidBartlett]

In case you were wondering, most bills are paid at the post office in Korea.

I can see it now!

[Agarax]

Oh yeah, I can see you at the board meeting now:

You: "Well, sir. I think we should block out Internet Explorer users because their browser is unsafe."

Boss: "Is it unsafe for us or them?"

You: "Them. It would'nt really effect us. They are just more likely to become victims of identity theft through a virus."

Boss: "Can they also get the same virus through an email attachment? Or by someone digging through their trash?"

You: "... yes."

Boss: "How many of our customers use IE?"

You: "About 80%"

Boss: "And what is there to prevent them from moving to another bank that DOES support their browser?"

You: "Well, that would be a lot of trouble for them to go through. It's easier to just download a safe browser."

Boss: "And what would we do about the advertisements our competitors would air stating that we don't properly support internet banking because we dropped support for IE? Getting new customers might become difficult."

You: "Well ... we tell them that it is foolish of them to use Windows and Internet Explorer and that they should switch to something else."

(Long Pause)

Boss: "While we are at it, why don't we refuse entry to SUVs in the drive-thru ATM because the customer is more likely to scratch his paint and he is wasting the gas he paid for? You should stick to IT, you don't know jack about how a business works. "