On Tue, 17 Oct 1995 Jueneman(_at_)gte(_dot_)com wrote:
I wasn't talking about banking exclusively. In fact, the primary issue I
have been trying to address is to figure out how the banking/credit card
people can coexist with and support a public key infrastructure that is
used for other purposes as well, so that every industry doesn't feel the
need to go off and invents their own certificate type, etc.
I believe you have missed my point. I have been thinking about this for
a while and trying to build economically viable models such as you are
describing. Indemnification must be provided by someone with deep
pockets to make this thing work. If there is unlimited liability in
being a CA then the system will never happen. My point is it private
industry can deliver this indemnification much quicker, efficiently and
at a lower cost than creating a government agency to regulate it and
license it.
This is where I am at. Perhaps you or another list member can add additional
insight.
1. Ultimately for a transaction to complete, Someone has to clear the
transaction. In the case of financial transactions this is a bank
Therefore, this puts the bank as arbiter of the process in the driver's
seat. Whatever protocol, authorization, certification or whatever we
propose is isn't worth a hill of beans if the bank says "Do it my way or
it doesn't happen". Banks have the economy of scale and control of the
infrastructure to make this happen. To think they won't use this muscle
is naive.
2. As part of risk management a bank a "root" CA in this scenario may
extend trust to known lesser CA's down the line and idemnify them against
liability if they follow the rules of the bank. The bank will also have
the ability to refuse to clear transactions and cease dealing with CA's who
do not.
3. Legislation that by fiat demands that a bank or any other CA deal with
any other CA based upon some minimum criteria set by the legislature will
only drive up the cost of the transaction for the user (you and me ) and
impede the spread of this technology.
4. Therefore it seems existing laws, deriving from credit cards are
sufficient to cover this problem.
5. Outside the financial arena, the same economic pattern holds. Ultimately
it will be a person who decides who to trust and who not to, not technology.
Regards:
-arc
Arley Carter
Tradewinds Technologies, Inc.
email: ac(_at_)hawk(_dot_)twinds(_dot_)com
www: http://www.twinds.com
"Trust me. This is a secure product. I'm from <insert your favorite
corporation or government agency>."