
Re: A $25,000,000,000 PKI Was:Spec. on QC-low-fat & QC-heavy-bio



Steve,

>I know a number of reasons why SET has not been accepted in the U.S., if
>that's the context you're citing, and they are largely independent of the
>issues you cite.  For example, U.S. consumer protection laws make the
>advantages of SET over simple use of SSL and a credit card number
>unattractive to users.

You are absolutely right. SET is a European problem currently.

> Since most online merchants can make a fair amount
>of money despite the security limitations (e.g., lack of origin
>non-repudiation) of the current paradigm, there is insufficient motivation
>for them to change to SET.

Right.

>Since most of the purchases over the web are
>done from PCs, the thin client argument is not relevant.

That is true for the current situation - not for the mobile future though.

Hum, maybe you should take a look at GlobeSet's (a leader in SET) ServerWallet
and see why they developed it.

>All of our employees have computers, those who travel have laptops.  Not
>all have cell phones.  Of the ones that do have cell phones, few would be
>capable of making use of the certs you describe, i.e., not many are PCS
>phones.


Sure, but I am talking about the year 2003 or so. 


>The solution you propose is definitely NOT high quality.

By design?  I am fully convinced (not such a big surprise though :-))  that if
the CyberPhone concept and associated server technology is developed by the best brains
in the industry it could match any quality standards.  Regarding the security model
it is not so far from a PKI-only version of Kerberos which seems to be highly
regarded by security people.

>It is an effort to
>take advantage of devices with limited capabilities, and skew security
>design principles to accommodate these limitations.

CyberPhone does a LOT more than address devices with limited capabilities.
It also addresses certificate management, traceability and transaction logging, 
business transaction models, and last but not least end-user security including
resource loss, revocation, backup and recovery.

<snip>

Regards
Anders
http://www.mobilephones-tng.com