
Banks + Legally binding signatures = A mess



The following is dedicated to legally binding signatures and
useful infrastructures for performing secure e-business.

A "Digital Company Paper" is my name on a certificate that
identifies an organization but does not identify an authorized
person.   It is used in conjunction with an associated private key
to sign commercial transactions "in the name of the organization".

Although banks are extremely tight-lipped about this,  _they_
were the first to introduce this concept on a grand scale.   If you
look at SET (Safe Electronic Transaction) certificates for
Merchants, these contain no information related to an individual.

SET failed, but its successor 3D Secure (Verified by VISA) is now
pushed (really hard) by VISA on its member banks.   This time VISA
did not publish certificate profiles (to not get caught red-handed?),
but I'm very confident that Issuer (Bank)-certificates do not
contain references to authorized bank employees.

What's rather odd is that bank-people are those who have questioned
this idea the most.  This must be an example of tech-hypocrisy of the
highest possible magnitude :-)

=============================================
If this scheme works for banks and payments, it sure works for
most tasks in the commercial world using common sense logic.
=============================================

If this still feels a bit too easy, I propose an International conference
on how to align this powerful concept with legislation.

cheers,
Anders Rundgren