The Korea Post Office decided to support Firefox on internet banking and started the developement project of XPCOM based internet banking system with Hyundai Information Technolgy, the famous system integration company in Korea. This project will finished in November from July and supported by KIPA’s OSS Center. The XPCOM based internet banking is good news for Mac and Linux users in Korea. And most of bank will support Firefox following Korea Post Office in next year.Slashdot, Korea Post Office Supports XPCOM Based E-Banking

You feel that is strange for this news. This is a reason of wide usages of ActiveX in korean web sites. I worked as an partner of VeriSign and Thawte from 2000 to 2004, my company reselled their codesign certificate for a company to distribute ActiveX or JavaApplet. A total number of issued certificates is over 1,200 that is the top country in the world. Many korean web sites use ActiveX plugin in various services such as drag-n-drop file upload, printing documents, DRM, login, adwares, internet banking, cyber trading, credit card proccessing and online game etc.

How Korean troubled in Active X?

Most of country have used standard SSL protocol for internet banking. But, it have been used the plugin based internet banking (especially active-x plugin) in Korea. In past there were no web browsers for 128 bit encryption except Opera 3.5 for international users when Korea started internet banking services in 1998. It was reason that 128bit enabled browser didn’t be exported out of US by US laws before the year of 2000. Most of international browsers supported only 40 or 56 bit weak encryption on SSL. So Korea made own 128 bit encrytion algorithm called SEED and encourged to use all financial services including inernet banking and developed own national certificate system for all citizens based on public key infrastructure.

In browser war, all of company offered both ActiveX and NSplugin to use internet banking in Korea. After browser war, it was useless the NSplugin for low market share and users, so all of banks support only Active-x plugin. So some Mac and Linux users are troubled on using internet banking. The korean national certificate system has extended to many areas including cyber trading, credit card processing and online civil application. Of course, the government encouraged cross platform solutions for minor browser users. But, many of banks chose ActiveX plugin for IE users over 99%. This is first reason.

Web as Application and Broadband
So many korean recognized ActiveX plugin as public property because of offering by public sites. They push “OK” button without hesitation in browser alert to install ActiveX plugin. So many korean web sites don’t mind to offer ActiveX plugin to extend browsing functions. As you know, there are no social database infrastructures before world-wide web. So a few informations were only published on the web. So many korean sites focused on making functional web sites such as web-based groupware, web mail, community serivces including bulletine board and online chatting and game. The application as web needed to extend many thing of browser functions. For example, Sayclub, a famous chat site used ActiveX plugin to maintain a session with chat server. Users of sayclub must install login ActiveX plugin. (Sayclub has prohibited an access of Firefox, Safari and Opera etc. except IE.)

Also you know that Korea has become the most penetrated broadband market in the world. Many people of other country use dial-up modem for internet connection, on the contrary korean use high speed internet. So they don’t mind to download ActiveX plugin sized over 500kb in a second. (People of other country don’t image this situation.)

Solutions?
Of course, I don’t want to maintain an wide usage of ActiveX in Korea. But, this is result of some complicated and mixed reasons. But, korean must understand why web standards is important in view of the accessiblity for diabled people and compatiblity for all of browsers and operating systems. We try to offer alternative technologies for other browser users and finally must reduce usages of ActiveX plugin.

1. Alternative Technology
Some of vendors made various alternatives for Active X problems. A XPCOM based plugin was implemented and by Kyungwon University and KIPA in 2005. It released by open source under GPL2. Also Initech made front-end plugin using flex and native java applet. So an another vendor, Softforum developed Firefox based XPCOM plugin. I think the substitution of native java applet is clear alternative right now in view of short-term.

2. Standard Technology
This situation was somehow originiated by lacks of functionality in browsers. The SEED was already finalized in IETF 4 years ago, but this patch was not added to famous crypto libraries such as OpenSSL. At last, a guy gave a patch to OpenSSL in last year, OpenSSL RT #1273. (e.g. Camella, Japanese block algorithm was included in Open SSL in last year.)

As well as problem on cryptography, there is another thing on digital signature. The Korean law required digital signature signed by personal public certificates issued by government for all financial transactional data. But there is no standard-function on browsers to do thing except Firefox’s cypto.signText. So many national PKI systems uses plugin based signature tool as like Active X or Java applet in Danish, Spain and etc.

Many of governments want to establish own certificate system with own cryptography and own digital signature. So browser vendors must support standardized functions for it.