Whilst there are really plenty of statements I fully agree with
within Bob Jueneman message, I have a major disagreement about one
point in his proposal. It concerns the goal Bob proposes to the
ietf-payments list and potential WG.
Unless I misspoke, I suggested that the ietf-payments list and the new WG be
used to address the price/specification negotiation issue, and that e-payments
address the payment protocol issues.
I strongly object the iKP focus or starting point Bob suggests.
Here are the three major objections I have :
1. as discussed in Stockholm there is no hope to modify whatever
solution Visa + Microsoft + ... are preparing
((the alternative is either a) wait for their specs and products
be delivered or b) design protocols in a completely independant way))
I'm not sure that that is a foregone conclusion. I agree that they are not
likely to wait for our deliberations, but I suspect that most of the developers
that are involved at least lurk on these various lists, and might be persuaded
to contribute from time to time. Don't forget that all of these people
eventually want to sell their products and services, and they will be looking
for discriminators. In addition, most of the time there are differences of
opinion even within a single organization, and this can almost be guaranteed
when a number of large players start trying to develop a common set of specs.
The IETF may be able to play a effective role as technical arbitrar and friend
of the consumer, and thereby influence the final design -- perhaps
significantly. At a minimum, the discussion and vetting should at least serve
to educate people about the tradeoffs being made. I would hope to avoid the
situation we saw with the MOSS effort, where it sort of sprang up more or less
full grown and required a lot of debate to get everyone on the same page. (I
accept that some of the MOSS developers might disagree with this assessment.)
2. iKP is suited to one well known business and transaction model
(the current credit card scheme). Well... I still claim there is room
and justification for other different and competing models, and I
don't see any reason why the IETF should self-limit to this one
(which of course I do not exclude).
I don't disagree, and didn't mean to suggest that alternative schemes couldn't
or shouldn't be developed. Competition is basically healthy, as long as it
doesn't lead to a Beta vs. VHS type of chaos. All I was suggesting was that
there is at least one solid and credible proposal on the table that appears to
be very suitable for solving a substantial portion of the overall e-payments
problem, and I would like to have a forum where those people who are interested
in that solution can make progress without having to continually argue whether
that model solves all of the world's problems. I don't care whether the
discussion takes place on the e-payments list, or on some other list. and I'm
not trying to suggest that iKP would necessarily be THE Internet Secure
Payments Protocol, although I think it may be more widely applicable than you
appear to believe.
I am pretty certain and ready to demonstrate that the credit-card
model is NOT suited for micro-payments unless you accept that there
will exist a single centralized clearing center (of course owned
and operated by Visa Mastercard) for which any other actors
including baks can only act as selling desks... Is it the IETF
role to standardize a monopoly legitimating technology????
There is hardly a monopoly in the credit card business. MasterCard and Visa
compete vigorously for the bank's and merchant's business, although most
consumers would be unable to tell any effective difference. American Express is
certainly a major player, as is Sears through their Discover card. Diner's Club
and Carte Blanch are still around, and I don't know what the situation is
outside of the US. It's not inconceivable that Amoco, Exxon, Texaco, Shell
etc., could decide to move into this business, and likewise AT&T and MCI,
Merrill Lynch and Fidelity, Prudential, and/or lots of other companies with a
pre-existing large customer base. Most of the existing credit card companies
already have linkages and interoperating agreements with each other and their
member banks. If you go to a merchant and give them your Visa, Amex, or
Discover card when they have signed up with a MasterCard acquiring bank, the
transaction will still go through just fine. Additional clearing houses to
support micropayments would therefore not be beyond the realm of possibility,
it would seem.
Whether or not the credit card model is suited for micro-payments, or whether
the notion of micro-payments is viable at all is not the issue. Likewise, the
credit card model is probably not a viable solution for large corporate EDI
transactions either, whether the parties exchange creditcs and debits directly
or via some clearing house. It won't replace checks, and probably isn't
suitable for bartering a week of your time-share condominium for a replacement
motor for your 1963 Corvette. So what? Other than the vested interest of some
of the players, why is the issue of micro-payments so important that it should
dominate all of the discussion, to the exclusion of anything else? (And vice
versa with respect to iKP, of course.)
It's quite clear that there are substantially different market forces at work
here, and trying to force fit multiple markets into a single payment mechanism
almost surely won't work, or at least won't satisfy the all the various
players. So let the different parties go off and develop separate schemes and
get out of each other's way. We can let the market make the ultimate decision,
although the "losers" may get burned in the process. My personal interests lie
closer to the mainstream credit card model, and I'd like to get on with that
discussion. The only issue seems to be a choice of the appropriate venue -- I
don't give two hoots about formal charters and politics. If enough people
agree, the work will get done, and if they don't, it won't. If forming multiple
working groups to address these different models would help, by all means go
ahead and do that.
3. the consensus I perceived (or was it just my endorsement of Vinton Cerf
advice?) was that IETF e-payments group should identify and work on
a few well delimited basic components and avoid taking into account
e-commerce or even e-payments as a whole. The iKP focus
implies the backing of a complete business model (even if
Stockolm presentation tend to pretend it does not).
I would agree that some working group ought to be formed to address some of the
well delimited issues. It appears to me that at least three such communities of
interest should come together and perhaps more. And certainly, the sooner the
better if this is to have any effect on ongoing work.
Again I do support Bob's proposal to avoid duplicating the work about
formats, about risk analysis, about CAs and about certificates and
the above relates only to the ietf-payments charter.
Good. Can we at least informally agree that the infrastructure risk analysis,
CA, and certificate format issues should be discussed on pem-dev, with the
recognition that this may require broadening the scope of that list to address
more than the traditional e-mail issues? I don't want to exclude or miss
anyone, but continuing to post to multiple lists seems wasteful.
Maybe IBM should set up a list to discuss iKP specifically, leaving/abandoning
the e-payments list to those interested in developing alternative proposals?
And then ietf-payments could form the nucleus of a group to focus on the
price/specification negotiation protocol?
bob
--------------------------------
"Robert R. Jueneman" <Jueneman(_at_)gte(_dot_)com>
Staff Scientist, Wireless and Secure Systems Laboratory
GTE Laboratories, 40 Sylvan Road, Waltham, MA 02254
Waltham office: Voice: 1-617-466-2820, FAX: 1-617-466-2603
Telecommuting: Voice: 1-508-264-0485, FAX: 1-508-264-4165