Recipient-ID-Asymmetric field clearly relates the originator to the (IA, serial) quality of their identity. This is consistent with the jurisdictional model, in which certification is the quality of belief in the statements of the CA.
While the certification semantics clearly identify (IA, serial), it does place an enormous burden on the CA to be responsible for either 1) the correctness of the identity/name mapping, or 2) keeping a secondary verifiable information source qualifying the party such that a unique name is established by reference to a secondary source of knowledge.
Given that (1) is ideal, and even partial practice will take years to establish, I can see why the overhead upon a CA to perform (2) will deter almost anyone from making high-quality statements in order to offer a high-assurance CA.
It is increasingly clear to us that CAs as certifying authorities, versus certificate issuers, is not something we here want to get into at any but a very low level of assurance. It's not even a matter of the security of the software and hardware which particularly matter; what is being judged is the quality of the very statements.
I struggle to believe, in all honesty, that there is much demand in the open environment for non-legal services beyond low-assurance. Why would one want it; and if one did, the provider would certainly have to charge enormously high fees to cover the risk of accountable error.
Now that PEM is here, what do we intend to do with it?
Massive distribution of credentials to everyone would certainly be a big boom for e-mail generally - replacing the paper postal service within (10!) years, given the reasonable assurances of identity of origin upon which such is predicated. EDI and the legal professions are another domain. Whereas electronic notary services will continue to be an exclusive private service, EDI could logically be either private-domain subscriber based, as now, or, just as for inter-personal mail, be open. I suspect the latter.
Will PEM make e-mail terminals in your average person's life as common as, say, ATMs are now in our lives, versus where they were 10 years ago? I suspect so; origin authentication is the crux issue for massive demand.
Otherwise, conventional, but high-quality, peer-entity authentication seems the main benefactor of the certification infrastructure.
Interesting times.