CFP: PKI research workshop

Karsten M. Self kmself at
Wed Dec 26 17:34:41 EST 2001

on Wed, Dec 26, 2001 at 07:45:13AM -0800, Carl Ellison (cme at wrote:
> Ray,
> 	if you look at PKI as a financial mechanism (like credit cards),
> then I see two major problems:
> 1.	the PKI vendors aren't financial institutions, so they aren't in a
> position to assume risk and make money from that
> 2.	the current PKI thinking (e.g., with "rebuttable presumption of
> non-repudiation") is anti-consumer, when viewed as a financial
> mechanism, and I can't imagine that succeeding even if the vendors
> were banks.

I disagree with this premise.  I also see PKI being as strongly
pro-vender.  With consumers legally, and banks contractually, sheltered
from the bulk of credit card fraud risks, the burden falls on merchants.

I would expect that a merchant-based initiative to produce a
non-refutable electronic payment system would see some favor.  With
current retail numbers in the toilet, any opportunity to shave losses
should meet some favor.  A number of merchants have their own credit
payment systems, and might be the source of such an initiative.

The next battleground becomes rights to public privacy in the face of
such systems.  I'm curious as to systems which might use various forms
of one-time keys or tokens to validate transactions, there was some
discussion of this 1-2 years back, with a system proposed by AmEx IIRC,
but little followup.


Karsten M. Self <kmself at>
 What part of "Gestalt" don't you understand?              Home of the brave                    Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA!
Geek for Hire            
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <>

More information about the cryptography mailing list