Re: Thin PKI won - You lost

>the response (to the merchant) doesn't currently have to be signed
>for authentication purposes because it comes in via a trusted network.
>One could imagine migration to a non-trusted network implementation
>for the response ... requiring signed authentication. However, because
>of the required prior business relationships there isn't a requirement for
>offline trust propagation, the public key of the responding merchant
>financial entity is simply installed at the merchant (possibly in a manner
>similar to the way that root public keys are delivered in browsers,
>but under somewhat more strict business controls).

of course one could quibble whether the above referenced signed response is a
thin certificate or not. it could look & taste like a thin certificate ... the
primary business difference between a thin certificate and a signed transaction
... is one (the certificate) is signed before the transaction (and might
possibly be used for multiple transactions) and the other (signed transaction)
is specific to the current transaction. In effect, the thin certificate has the
liable party signing something for offline trust propagation that they might not
have exact knowledge of beforehand. As a thin PKI makes more & more of the
transition to online ... it eventually crosses the business line from doing
pre-authorized signatures to signing the actual transactions.
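The distinction drawn above (a thin certificate signed by the liable party before any transaction exists, versus a response signed over the specific transaction) can be made concrete with a small model. The following Go program is an added illustration, not code from the thread or from any payment system it discusses; the structures, field names, byte layouts and the "limit" field are this example's own assumptions. It uses Ed25519 from the standard library for both signatures. In the offline path the merchant holds the issuer's installed public key, verifies the thin certificate, then verifies the customer's signature over the transaction; the issuer's certificate signature never covers the transaction itself. In the online path the issuer signs exactly this transaction's identifier, so the response cannot be reused for another transaction.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// ThinCert models a pre-authorized signature: the liable party (issuer) binds a
// customer public key to a spending limit before any transaction is known.
// Layout and field names are this example's assumptions, not a standard format.
type ThinCert struct {
	CustomerPub ed25519.PublicKey
	Limit       uint32 // pre-authorized amount, in minor currency units
	Sig         []byte // issuer signature over certBytes(CustomerPub, Limit)
}

// certBytes is the canonical byte string the issuer signs for a thin cert.
func certBytes(pub ed25519.PublicKey, limit uint32) []byte {
	var b bytes.Buffer
	b.WriteString("thin-cert-v0|")
	b.Write(pub)
	binary.Write(&b, binary.BigEndian, limit)
	return b.Bytes()
}

// IssueThinCert is done once, offline, and may serve many later transactions.
func IssueThinCert(issuerPriv ed25519.PrivateKey, pub ed25519.PublicKey, limit uint32) ThinCert {
	return ThinCert{CustomerPub: pub, Limit: limit, Sig: ed25519.Sign(issuerPriv, certBytes(pub, limit))}
}

// Transaction is the concrete event the merchant needs authorization for.
type Transaction struct {
	Merchant string
	Amount   uint32
	Nonce    [16]byte // makes each transaction's ID unique
}

// ID is a hash over the transaction fields; both signature paths reference it.
func (t Transaction) ID() []byte {
	h := sha256.New()
	h.Write([]byte("txn-v0|" + t.Merchant + "|"))
	binary.Write(h, binary.BigEndian, t.Amount)
	h.Write(t.Nonce[:])
	return h.Sum(nil)
}

// VerifyOffline is the thin-certificate path: check the issuer's cert, check the
// limit, then check the customer's own signature over this transaction. Note the
// issuer's signature (c.Sig) is over the cert only, never over the transaction.
func VerifyOffline(issuerPub ed25519.PublicKey, c ThinCert, t Transaction, custSig []byte) bool {
	if !ed25519.Verify(issuerPub, certBytes(c.CustomerPub, c.Limit), c.Sig) {
		return false
	}
	if t.Amount > c.Limit {
		return false
	}
	return ed25519.Verify(c.CustomerPub, t.ID(), custSig)
}

// responseBytes is what the issuer signs online: exactly this transaction's ID
// plus its decision, so the signature cannot be replayed for another transaction.
func responseBytes(txnID []byte, approved bool) []byte {
	decision := byte(0)
	if approved {
		decision = 1
	}
	return append(append([]byte("txn-resp-v0|"), txnID...), decision)
}

// IssuerRespond is the online path: the issuer sees the actual transaction
// before signing, and signs only that transaction.
func IssuerRespond(issuerPriv ed25519.PrivateKey, t Transaction, approved bool) []byte {
	return ed25519.Sign(issuerPriv, responseBytes(t.ID(), approved))
}

// VerifyOnline checks the issuer's signed response against the installed issuer key.
func VerifyOnline(issuerPub ed25519.PublicKey, t Transaction, approved bool, sig []byte) bool {
	return ed25519.Verify(issuerPub, responseBytes(t.ID(), approved), sig)
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	custPub, custPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert := IssueThinCert(issuerPriv, custPub, 5000) // signed before any transaction

	t := Transaction{Merchant: "merchant-A", Amount: 1200} // constructed sample
	rand.Read(t.Nonce[:])
	custSig := ed25519.Sign(custPriv, t.ID())
	fmt.Println("offline (thin cert + customer sig):", VerifyOffline(issuerPub, cert, t, custSig))
	fmt.Println("issuer's cert signature covers this txn?", ed25519.Verify(issuerPub, t.ID(), cert.Sig))

	resp := IssuerRespond(issuerPriv, t, true)
	fmt.Println("online (issuer-signed response):", VerifyOnline(issuerPub, t, true, resp))
}
```

The two paths differ in what the liable party has signed: the thin certificate commits the issuer to a key and a limit it chose beforehand, while the online response commits it to a transaction it has actually seen. Changing the nonce, amount or decision invalidates the online response but leaves the thin certificate untouched.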