RE: Finding PKIX Servers!
I think what Andy is implying is that we require a Banking
infrastructure which is global - similar to that of the telephone
system. As said a PKI is a function. It will be applied into vertical
markets according to business models. It's a logical process to say that
because of the I in PKI that such functionality will be part of a bigger
infrastructure system and some organisations will apply that to operate
what they deem as global services.
I never buy into the points that users don't care about the technology -
that is obvious. But the suppliers of services for money do - so they
can understand the risk with it and manage that according to their
customer/service model.
What is important in this debate is that the engineering ideology
proposed in these standards scales in terms of its engineering, its
operations, its information management and its commercial costs.
Hand crafting MORE knowledge into certificates - that relates to servers
- which then has to relate this certificate to information objects in a
distributed business model - strikes me as utter duplication of effort
and probably doubles the cost of operation of the PKI for the customer.
With real large PKI costs estimated as 10s of millions of dollars - why
double that with hand crafted information to indirectly access something
(a server that needs to go to directory information) that can be
accessed directly through the use of directory technology.
Do it right - do it once, is a good motto.
regards alan
> -----Original Message-----
> From: Perry E. Metzger
> Sent: Monday, February 08, 1999 11:36 AM
> To: Andrew Probert
> Cc: ietf-pkix@imc.org
> Subject: Re: Finding PKIX Servers!
>
>
> Andrew Probert <AndrewP@rotek.com.au> writes:
> > My thoughts run to business requirements like world-wide EDI trading,
> > shipping around contracts and documents, which require an integrated global
> > infrastructure.
>
> No it doesn't. In fact, a global infrastructure is totally unneeded
> for this.
>
> This sort of claim shows up all the time among people who haven't
> actually analyzed the real needs of real businesses. The truth of the
> matter is that no global PKI is either needed or desirable.
>
> When people trade, they don't care about identities. They care about
> things like getting paid. That means you need a working banking
> infrastructure, not a PKI. Public key methods can help assure a
> transacting entity that its bank will pay it if it presents an
> electronic draft, or to help a transacting entity order the creation
> of such a payment, but such protocols are necessarily bilateral.
>
> To put it another way: when you walk in to the book store to buy a
> book, the store doesn't care a bit about who you are. They care about
> whether they will be PAID, and knowing you have a valid cert tells
> them nothing about that. What they need is a signed statement from their
> accepting bank saying they will be paid -- and that doesn't require a
> Global PKI to set up. It might use a PKI set up by the bank or credit
> network for its own use, but it doesn't need a *GLOBAL* PKI.
>
>
> Perry