
Re: A $25,000,000,000 PKI Was:Spec. on QC-low-fat & QC-heavy-bio



Anders,

>
>This is it! And I am not talking about Coca-Cola :-) I am talking about
>current PKI schemes.  They PROMISE you a lot but when it comes to
>down-to-earth specifications on how all this is going to be performed in a
>cost-efficient, convenient and secure (handling-wise) way there is Zilch,
>Nada, Nothing.

Our experiences differ.  I have PKI clients who are much more positive
about current technology capabilities.

>If you do as I asked Stefan, convert the scenario presented in my paper
>"Dynamic Certificates" (
>http://www.mobilephones-tng.com/v100/dynamiccerts.html )
>to the "classical" way of doing things you will for each design decision
>create a lot of new hard questions.  A system that can only do "A-B"
>operations is totally insufficient for 21st century usage.  Why does SET
>support a three-party operation?
>Because an on-line account-based purchase involves (at least) three parties!

Different forms of transactions embody different models for participants.
Some are two party, some 3, some more.  I do note that SET manages to get
by with X.509 certs under the current model.

>Regarding CyberPhone's "unethical" use of digital signatures there seems
>to be fairly limited consensus on your and Stefan's views.  I.e. digital
>signature laws are not in harmony with automated systems in any way.  My
>guess is that the lawyers will have to go back to the "drawing board"
>some day.

No doubt that more legal work is needed, but that does not mean that the
approach you favor will necessarily fare better under revised laws.

>As an example I can mention OBI that allows an order to be "Authorized" by
>signing it and sending it to the selling organization.   The authorizer can be
>a person or an automated process.  OBI is for REAL which makes a difference.
>
>Actually, CyberPhone (like SET ServerWallets and OBI) does not break away
>from PKIX at all, it just uses current PKIX technology (+ a few new
>protocols) in a more or less novel way that is targeted at existing and
>future commercial uses and business processes.

If CyberPhone does not break from the PKIX model, there cannot be a need
for changes to that model to accommodate it.  So, let's stop wasting the
time of the folks on these mailing lists.

Steve