
Re: A $25,000,000,000 PKI Was:Spec. on QC-low-fat & QC-heavy-bio

Steve,

<snip>


>>CyberPhone does a LOT more than address devices with limited capabilities.
>>It also addresses certificate management, traceability and transaction
>>logging, business transaction models, and last but not least end-user security
>>including resource loss, revocation, backup and recovery.

>I believe that all of the other issues you cite here are addressable via
>means that do not require creating a proxy private key agent.

This is it! And I am not talking about Coca-Cola :-) I am talking about current PKI
schemes. They PROMISE you a lot, but when it comes to down-to-earth
specifications on how all this is going to be performed in a cost-efficient,
convenient and secure (handling-wise) way, there is Zilch, Nada, Nothing.

If you do as I asked Stefan, i.e. convert the scenario presented in my paper
"Dynamic Certificates" ( http://www.mobilephones-tng.com/v100/dynamiccerts.html )
to the "classical" way of doing things, you will for each design decision create
a lot of new hard questions. A system that can only do "A-B" operations
is totally insufficient for 21st century usage. Why does SET support a three-party operation?
Because an on-line account-based purchase involves (at least) three parties!

Regarding CyberPhone's "unethical" use of digital signatures there seems to be fairly
limited consensus on your and Stefan's views.  I.e. digital signature laws are not
in harmony with automated systems in any way.  My guess is that the lawyers will
have to go back to the "drawing board" some day. 

As an example I can mention OBI, which allows an order to be "Authorized" by
signing it and sending it to the selling organization. The authorizer can be
a person or an automated process. OBI is for REAL, which makes a difference.

Actually, CyberPhone (like SET ServerWallets and OBI) does not break away
from PKIX at all; it just uses current PKIX technology (+ a few new protocols) in
a more or less novel way that is targeted at existing and future commercial uses
and business processes.

Regards
Anders

PS No views on the bio stuff ( http://www.mobilephones-tng.com/papers/idcards.html )? DS