RE: Identification = Payment Transaction?

[Chandra Patni <C.Patni@xxxxxxxxx>]

Could you tell me where I can get information about specific PKI-ventures?
Regards
Dr. Chandra Patni

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@xxxxxxxxx]
Sent: 12 November 2002 15:20
To: ietf-pkix@xxxxxxx
Subject: Identification = Payment Transaction?



Survey regarding the future of  PKI trust networks
------------------------------------------------------

Traditionally certificates have been purchased (or just issued) for
an entity by a party that is concerned that the entity can be properly
identified in authentication- and signature-operations.

For a relying party (RP) to check certificate-status has mostly been a
public and free service.

The financial industry however, have in several recent PKI-ventures
shown that they intend to change this by treating lookup-services as
equivalent to payment transactions, where the RP's bank is used as a
"trust clearing center" communicating with the subscriber's bank that
must be a member of the same "trust network".  To make it technically
impossible for RPs to fully verify signatures without going through
the trust network (and paying for the services), root-certificates are
usually not "published".

I would be very happy to hear what the PKI community in general
think about this scheme as the future for PKI.  Off-list responses
will be treated as CONFIDENTIAL information.

Anders Rundgren