[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))

To: BalluffiF@xxxxxxxxxx
Subject: RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
From: Lynn.Wheeler@xxxxxxxxxxxxx
Date: Mon, 19 Jul 1999 10:49:16 -0700
Cc: kent@xxxxxxxxxxx, ietf-pkix@xxxxxxx

It isn't so much that it is applicable to "closed-systems" ... it is applicable
to systems that create some front-end sign-up/trust relationship and then
perform on-going transactions based on more global trust equation that isn't
atomic & self-containable on a per transaction basis (like information
aggregation ... i.e. account balance which is the combination of all deposits
minus all debits/withdrawals)

certificates are useful in situation for providing "on-the-fly" trust where none
previously existed. for random interactions this basically combines both the
transaction and the trust information into a single operation (where the scope
of the trust propogation can be transaction atomic and self-contained within the
definition of a certificate authorities policy and practices).

For instances where setup/sign-up trust operations are part of  the business
process ... certificates may or may not represent a mechanism for establishing
the initial trust environment (potentially replacing existing trust
establishment procedures). Part of the issue of transaction trust in a financial
environment includes aggregation information ... like current account balance).
As such, financial institutions establishes a more complex trust environment
including sign-up/setup that brackets large set of individual transactions
(instead of repeatedly doing all of the trust establishment on each
transaction).

in the x9.59 scenerio ... while the bank card transactions appear to operate
between the consumer and the merchant ... in reality the merchant is acting as a
transaction conduit to the consumer's financial institution ... where the
consumer is instructing their financial institution to transfer funds from
the consumer's account to the merchant's account

possible objective for certificates is being useful for trust propogation in
environments currently lacking existing trust infrastructures. webserver comfort
certificates are useful in providing such trust ... even without certification
authority infrastructures (i.e. simple certificate manufactoring processes).

so looking at banking ... the issue for certificates is looking at the part of
the business process where trust establishment enters into the equation ... and
being able to leverage the trust propogation characteristic of certificates.

It isn't so much whether there is an open or closed characteristic ... it is
whether the trust establishment occurs on every transaction or if there is an
business infrastructure that has a setup/sign-up phase for establihing trust
(i.e. setting up a bank account and maintaining the existing bank account
balance).

So, to the extent, that certificate authority policy and practices covers areas
of trust propogation that coincides with trust attributes needed in the
signup/setup process ... then specific certificate trust propogation is useful
at that setup/signup point.

Follow-Ups:
- RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
  - From: Stephen Kent

Prev by Date: DRAFT PKIX WG Meeting Minutes
Next by Date: Re: When is Timestamp applied?
Previous by thread: Is OCSP for validation?
Next by thread: RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Index(es):
- Date
- Thread