Date: Wed, 11 Oct 1995 10:32:17 -0400
From: Peter Williams <peter(_at_)verisign(_dot_)com>
Do you believe RSA/DSA/DH-based commerce/payment systems are viable without
the objectives of RFC 1422, or the authentication before decryption rule
of 1421/1422?
I believe there are other ways to support commernce/payment schemes
without using certificate hierarchies and name subordination rules.
Most of these commerce schemes require an out-of-band mechanism for
initializing the process. For example, the signed application form for
a credit card that you mail to a bank. If when I sign up for a credit
card, I included a PGP fingerprint (for example), and the bank only
signed PGP keys for people whom they had issued credit cards, then the
signature on the PGP key has both certification and authorization
semantics. If establish an account with a local business, they could
sign my PGP key and that signature could mean that they've done the
necessary credit checks.
PGP happens to easily allow multiple signatures on a particular public
key in a cheap and efficient fashion. So makes it easier to do schemes
like this. However, you could do something similar with X.509
certificates too.
The point is that there are other schemes for handling the certification
problem besides the certificate hierarchy and name subordination. They
have different tradeoffs, and different benefits. We should avoid
falling into the trap of thinking that there is only one Right Way to
accomplish a particular task.
- Ted