Er ... I would have thought that others besides your customers would be
interested in looking up those in your directory. e.g. I'd have very
little interest in registering with a fee-based GTE, preferring a
fee-based Australian-owned service (I'm not averse to paying money, but I
don't want to add to the export of cash out of my country either :-) ). I
do want to be able to communicate with those registered in your service.
Therefore I need to be able to do lookups. Do I need to become a customer
of yours so I can communicate with your other customers? I think this
defeats the purpose of having the directory for PEM. Without a world-wide
digital cash service, billing for lookups will be very difficult.
This is getting a little far afield of PEM, but it may be relevant to the
overall issue of directory support for PKI.
The NADF has written specs in its standing document series that specify how
charging and settlements will be handled (technically) between DSAs. No prices
are established -- that's up to each directory service supplier. At the risk of
oversimplifying, the charging algorithms would allow for recovering the cost of
the computing and transport portion of the initial query, plus the computing and
transport costs for the results. In addition, provision is made for either
charging for or subsidizing the cost of the information itself. For example, if
Dun and Bradstreet decided to post their database on line, presumably that is a
valuable, and they would want to charge for the information itself, in addition
to whatever fees might be reasonable for the transport service. On the other
hand, Qantas or Sears and Roebuck might be willing to charge a negative amount
for the information, i.e., subsidize the access charges, in order to provide a
low cost catalog function. In other words, the model supports the concept of
800 numbers and 900 numbers. (The thought occurs to me that not all countries
may offer those services -- free access and pay-per-minute access,
respectively, with the 900 number most infamous for Dial-A-Porn.) (That's what
will probably make X.500 take off in the long run -- "dating" services with
JPEG or MPEG images to choose from.)
So, ultimately, the answer is that you won't have to be a customer of the
directory service supplier that holds the data to gain access to it. Instead,
you should be able to subscribe to a local DSA, and the transaction would be
handled on a DSA to DSA basis.
To minimize the access charges to those "customers" who you would like to be
able to find you but may be located in different cities or even countries, it
would make sense and is encouraged for you to list in multiple places in the
worldwide directory. Certainly under C=AU, S=Queensland, L=Brisbane, but maybe
in Melbourne and Adelaide as well. And maybe under C=US,
rfc822=Rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au as well. (Remember, we are
talking about the DN of the directory listing, not the DN in the certificate.)
I'd say your best bet Bob is to set the thing up as a free trial, see what
kind of feedback you get both on the registration and lookup side and then
use that to determine where is the best place to recover costs. Who
knows, maybe I'll be wrong and paying for lookups will work.
For the moment, and subject to change once I see how much administrative
overhead is involved, I'm thinking about offering the service for free to the
first 10,000 users, for the duration of their certificate (less than three
years.) Once the pump is primed, then perhaps a penny a day per kilobyte for
the listing would be reasonable. Since none of the X.500 implementations that I
am aware of yet implement the charging and settlements mechanisms, the access
will probably have to be free for some time to come.
I just returned from the ISOC meeting on network security, and there was a lot
of talk about digital cash mechanisms, some of which involved rather exotic
applications of cryptography, and others, like First Virtual, simply operate as
closed loop Visa and Mastercharge merchants. Solving the payments problem, even
for very low cost per transaction charges, may not be too difficult in the near
future.
Bob
--------------------------------
Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Internet: Jueneman(_at_)gte(_dot_)com
FAX: 1-617-466-2603
Voice: 1-617-466-2820