Date: Sun, 29 Jan 95 22:30 EST
From: TCJones(_at_)dockmaster(_dot_)ncsc(_dot_)mil
Boy, if I were a business that wanted to receive orders over the
internet for quick delivery, the reassurance that I would get from this
statement would really give me a nice warm feeling about how I could be
responsive to my customers and be assured of the full support of the
legal system for any order that I filled based on receiving a PEM order.
Of course I would have to wait a week (or a month or whatever) to ship
until the next CRL were due, or I would need to get a speedy reassurance
that the certificate were valid, but then how is it that I could be
assured that the CA was responding, or that is was the CA... unless, of
course, it were a secure communications link perhaps?
Sigh.... This is an old argument regarding revocation; most we dredge
it up again? ....and there's still the obvious reply that most business
accept faxed purchase orders from established trading partners worth
thousands of dollars without blinking an eye.
For the common case, once a business has done business with a particular
certificate holder before (and the intial transaction may involve a lot
more than just checking with the CA to make sure the certificate is
O.K.; it probably requires a D&B or other credit check as well), after
that point most businesses probably won't feel that it's necessary to go
through major hoops each time.
- Ted