RE: Thin PKI won - You lost
The Davies and Price original conception of the ideas of
key certification around in international (but few US) circles in 1976/7/8/9
was one in which the CA issued an interactive certificate, attesting to
the current validity of the key binding, in the context of the
transaction, thus providing appropriate dispute resolution capabilities
to a limited group of parties.
There are several current trends back towards the D&P model
in banking and related settlement-oriented transactions.
It's fascinating to read the EFT and security books of this era.
-----Original Message-----
From: Lynn.Wheeler@firstdata.com [mailto:Lynn.Wheeler@firstdata.com]
Sent: Friday, December 15, 2000 8:24 AM
To: Camillo Särs
Cc: Anders Rundgren; PKIX-List
Subject: Re: Thin PKI won - You lost
>the response (to the merchant) doesn't currently have to be signed
>for authentication purposes because it comes in via a trusted network.
>One could imagine migration to a non-trusted network implementation
>for the response ... requiring signed authentication. However, because
>of the required prior business relationships there isn't a requirement for
>offline trust propagation, the public key of the responding merchant
>financial entity is simply installed at the merchant (possibly in a manner
>similar to the way that root public keys are delivered in browsers,
>but under somewhat more strict business controls).
of course one could quibble whether the above referenced signed response is a
thin certificate or not. it could look & taste like a thin certificate ... the
primary business difference between a thin certificate and a signed transaction
... is one (the certificate) is signed before the transaction (and might
possibly be used for multiple transactions) and the other (signed transaction)
is specific to the current transaction. In effect, the thin certificate has the
liable party signing something for offline trust propagation that they might not
have exact knowledge of beforehand. As a thin PKI makes more & more of the
transition to online ... it eventually crosses the business line from doing
pre-authorized signatures to signing the actual transactions.
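The distinction drawn above between a certificate signed before the transaction and a signature over the transaction itself, as an added example that is not part of the original thread: the relying party's verification check in each model, side by side. An HMAC under a constructed key stands in for the liable party's signature so the example runs on the standard library alone (an assumption, not a protocol from the thread); the merchant, amount and key values are constructed.

```python
import hashlib
import hmac
import json

def canonical(obj: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, body: dict) -> str:
    # HMAC stands in for the liable party's signature (assumption, see lead-in).
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

def issue_thin_certificate(key: bytes, subject: str, not_before: int, not_after: int) -> dict:
    """Signed once, before any transaction: binds a subject to a validity window."""
    body = {"subject": subject, "not_before": not_before, "not_after": not_after}
    return {"body": body, "sig": sign(key, body)}

def verify_with_certificate(key: bytes, cert: dict, txn: dict, now: int) -> bool:
    """Thin-certificate model: the signature covers only the certificate body, so
    the amount and id of `txn` (never seen by the signer) are not checked at all."""
    body = cert["body"]
    return (hmac.compare_digest(cert["sig"], sign(key, body))
            and body["not_before"] <= now <= body["not_after"]
            and body["subject"] == txn["merchant"])

def sign_transaction(key: bytes, txn: dict) -> dict:
    """Signed per transaction: the signature covers the exact fields."""
    return {"txn": dict(txn), "sig": sign(key, txn)}

def verify_signed_transaction(key: bytes, signed: dict, presented: dict) -> bool:
    """Accept only if the signature covers exactly the transaction presented."""
    return (signed["txn"] == presented
            and hmac.compare_digest(signed["sig"], sign(key, presented)))

# Constructed sample data (not from the thread).
BANK_KEY = b"constructed-liable-party-key"
CERT = issue_thin_certificate(BANK_KEY, "merchant-42", 1000, 2000)
TXN_A = {"id": "t1", "merchant": "merchant-42", "amount": 10}
TXN_B = {"id": "t2", "merchant": "merchant-42", "amount": 5000}
SIGNED_A = sign_transaction(BANK_KEY, TXN_A)

def demo() -> dict:
    altered_a = dict(TXN_A, amount=9999)  # same id, amount changed in transit
    return {
        "cert_accepts_a": verify_with_certificate(BANK_KEY, CERT, TXN_A, 1500),
        "cert_accepts_b": verify_with_certificate(BANK_KEY, CERT, TXN_B, 1500),
        "cert_accepts_altered_a": verify_with_certificate(BANK_KEY, CERT, altered_a, 1500),
        "cert_after_expiry": verify_with_certificate(BANK_KEY, CERT, TXN_A, 2500),
        "sig_accepts_a": verify_signed_transaction(BANK_KEY, SIGNED_A, TXN_A),
        "sig_accepts_b": verify_signed_transaction(BANK_KEY, SIGNED_A, TXN_B),
        "sig_accepts_altered_a": verify_signed_transaction(BANK_KEY, SIGNED_A, altered_a),
    }
```

The certificate check passes for both transactions and even for the altered amount, since none of those fields were part of what the liable party signed; the per-transaction signature passes only for the exact transaction it was made over.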