Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
re: authorization/authentication separation
this is not in terms of technology or security separation ... this is in terms of
business interest separation .... i.e. would the US dod contract to another
country's military organization to do the preliminary authentication on all US
military SBU and top secret messages ... allowing them to decide which messages
are flagged as correctly authenticated and which messages are flagged as
non-authenticated??? this is further exacerbated by the fact the US
would be in direct conflict with the country that has the military
organization that has been selected to preprocess and authenticate US military
traffic on behalf of the US military.
There are all sorts of opportunity for fraud when the business interests of the
organization doing authentication are in conflict with the business interests of
the organization authorizing and executing the transactions.
one of the reasons for reg. E is that it is readily recognized that the merchant
interests and the consumer interests do not coincide 100% ... furthermore ...
merchant banks representing merchants and consumer banks representing consumers
... are also representing conflicting interests.