Payments as an answer to spam (addenda)
Anne & Lynn Wheeler
lynn at garlic.com
Sat May 17 11:21:21 EDT 2003
The existing payment card infrastructure (credit, debit, online
stored-value, 3rd party, etc) had used a PKI-type infrastructure prior to
about 1970, aka credential (in this case in the guise of a plastic physical
card with various embossing and printing) that could be used in offline
transactions, unconnected transactions.
The transition to online transactions started in the early '70s ... used an
electronic end-point in the guise of magstripe added to the existing
physical credential ... while they were embodied in the same physical
package, they represented totally different paradigms.
The existing PKI certificates are a return to the offline, pre-70s paradigm
that the existing payment card infrastructure left long ago. The existing
payment card paradigm is not only online in the sense that it checks
whether the account is still valid ... but also checks real-time,
aggregated information regarding whether there are sufficient funds.
OCSP for PKIs is a limiting baby step into an online world with real-time
checking of whether the offline credential is still valid .... but it
doesn't actually make it into the 1970s where a stale, static certificate
is redundant and superfluous and there is direct access to much higher
quality real-time and possibly aggregated information used for financial
operations. OCSP is actually a more timely version of the paper booklets
that were distributed in the 50s & 60s .... not an actual switch from a
basically offline paradigm to an online paradigm.
Frequently there were comments equating statements about redundant and
superfluous certificates as being a transition to a centralized paradigm.
However the issue isn't with regard to centralized/non-centralized ...
which is effectively orthogonal to the issue regarding static, stale
certificates .... it is an issue of offline/online (not
centralized/non-centralized). There is the issue that if it is online
paradigm ... it is possible to have either a centralized or a
non-centralized paradigm .... which is somewhat more difficult to have such
option in a purely offline paradigm.
random past posts on redundant and superfluous offline credentials for an
online paradigm
http://www.garlic.com/~lynn/aadsm9.htm#cfppki CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm9.htm#cfppki6 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm9.htm#cfppki7 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm10.htm#limit Q: Where should do I put a
max amount in a X.509v3 certificate?
http://www.garlic.com/~lynn/aadsm10.htm#limit2 Q: Where should do I put a
max amount in a X.509v3 certificate?
http://www.garlic.com/~lynn/aadsm11.htm#40 ALARMED ... Only Mostly Dead ...
RIP PKI ... part II
http://www.garlic.com/~lynn/aadsm12.htm#22 draft-ietf-pkix-warranty-ext-01
http://www.garlic.com/~lynn/aadsm12.htm#29 Employee Certificates - Security
Issues
http://www.garlic.com/~lynn/aadsm12.htm#39 Identification = Payment
Transaction?
http://www.garlic.com/~lynn/aadsm12.htm#41 I-D
ACTION:draft-ietf-pkix-sim-00.txt
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
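
The offline / OCSP / online distinction argued in the post above, as an added example that is not part of the original post: a constructed Python model in which the same purchases are checked against a static credential alone, a static credential plus a validity-only status lookup, and a real-time authorization against the issuer's account record. All names, balances and the per-transaction limit field are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Credential:
    """Static credential: fixed at issuance, carried by the holder (constructed)."""
    account: str
    per_txn_limit: int  # hypothetical limit baked into the credential

@dataclass
class Issuer:
    """Issuer's live account records, reachable only when online (constructed)."""
    balance: dict = field(default_factory=dict)
    closed: set = field(default_factory=set)

    def status(self, account):
        # OCSP-like answer: is the credential still valid? Nothing about funds.
        return account not in self.closed

    def authorize(self, account, amount):
        # Online answer: validity plus an aggregated, real-time funds check.
        if account in self.closed or self.balance.get(account, 0) < amount:
            return False
        self.balance[account] -= amount
        return True

def check(mode, cred, amount, issuer):
    # Authentication of the holder is assumed to have succeeded in every mode.
    if mode == "offline":   # relying party sees only the static credential
        return amount <= cred.per_txn_limit
    if mode == "status":    # static credential plus a validity lookup
        return issuer.status(cred.account) and amount <= cred.per_txn_limit
    if mode == "online":    # the credential's static contents are never consulted
        return issuer.authorize(cred.account, amount)
    raise ValueError(f"unknown mode: {mode}")

def run(mode, purchases, close_before=None):
    """Replay purchases; optionally close the account before purchase index N."""
    issuer = Issuer(balance={"acct-1": 100})           # constructed sample data
    cred = Credential("acct-1", per_txn_limit=100)
    results = []
    for i, amount in enumerate(purchases):
        if i == close_before:
            issuer.closed.add(cred.account)
        results.append(check(mode, cred, amount, issuer))
    return results

if __name__ == "__main__":
    for mode in ("offline", "status", "online"):
        print(mode, run(mode, (80, 80, 80)), run(mode, (30, 30, 30), close_before=1))
```

In the first scenario only the online mode stops the second and third purchases, because only it sees the running balance; in the second scenario the status lookup catches the closed account but would still miss the overspend.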