Re: NEW Data type for certificate selection ?

[Ed Gerck <egerck@xxxxxxxxxxxxxxxxxxx>]

On Thu, 1 Oct 1998, Stefan Santesson wrote:

>--- Message on the SEIS mailing list (list@seis.nc-forum.com)
>
>Ed,
>
>Now this is getting really exciting. I really want to understand what you
>are suggesting.
>
>How would you create a Bank application over https: ?

;-) commercial enquiries pls to sales@novaware.com.br 

>Here is some simple design requirements:
>1) First a secure channel shall be created (using SSL/TLS)

as explained in my previous postings, with server and client
authentication in SSL.

>2) Through the secure channel the customer is allowed to view accounts,
>exchange rates etc.

a question for a proper cgi-bin or Java servlet at the Bank's server.

>3) The customer is allowed to enter payment transactions.

sure, why not? He has (1) and (2) above at his disposal -- with all
needed functionality.

>4) Each payment transaction shall be individually signed using the
>customers non-repudiation certificate issued for the purpose.

as explained in my previous postings, with TWO options for that
implementation.

>5) Each transaction signature shall require the customers conscious
>acceptance.
>

;-) that you can NEVER guarantee over the Internet! Pls re-state your
goals and NEVER depend on that assumption.

>Now. How can you create this function without a plug-in and without using
>Javascript or similar.
>I would be vary happy to know this.

Well, I already tried to explain -- twice and with TWO options. Can
you tell me step by step, preferably by directly quoting my words of
the first posting where the solution was detailed, where is the
disconnect?


Cheers,

Ed Gerck

______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br