Payments as an answer to spam (addenda)

Anne & Lynn Wheeler lynn at garlic.com
Sun May 18 08:47:13 EDT 2003


At 05:50 PM 5/18/2003 +1200, Peter Gutmann wrote:
>So I agree with the statement that "OCSP is actually a more timely version of
>the paper booklets that were distributed in the 50s & 60s".  A real solution
>to the problem would follow the online authorisation model used for financial
>transactions, just a straight "Accepted/Declined" response, rather than the
>"Maybe/Maybe not" silly-walk that OCSP does.

But the actual transformation from offline paradigm to online paradigm had 
nothing to do with the credential. In the credential world, there is 
something embodied in the credential that convinces the relying party to 
accept or reject the operation modulo a currently valid/active credential 
(aka, as previously outlined, these credentials are static, stale subset copies 
of some master information someplace, typically kept in an account record). 
The transition to the online paradigm involved asking is the payment 
approved, nothing to do (directly) with the validity of any credential. The 
certification authority and up-to-date information about authentication ... 
but also up-to-date and aggregated information about patterns leading up to 
this event. The certifying authority ... instead of commenting about any 
credential ... providing yes/no regarding the transaction in the context of 
real-time and aggregated information.

In fact, to the extent that any financial institution using a certificate 
.... it did go thru a period of being used because of requirement by 
various off-the-shelf software on the internet. However, because of privacy 
and liability reasons they aborted the contents to just an account number 
for a relying-party-only certificate. However, (other than requirement to 
satisfy certain off-the-shelf software), it is trivial to show that such 
relying-party-only certificates are redundant and superfluous from a 
business process & flow perspective.

In general, there is almost nothing that you really want to put into some 
document that is going to be sprayed all over the infrastructure for 
everybody to examine. The original premise for X.509 was that there would 
be some information in the contents of the certificate, that a 
relying-party could take a look at for the basis of making a decision w/o 
requiring anything more .. like online access or previously obtained 
information. Given online access and/or previously obtained information 
(prior/previous business relationship) .... it is possible to show that 
stale, static information embodied in a certificate is redundant and 
superfluous.

random past comments on relying-party-only certificates:
http://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
http://www.garlic.com/~lynn/2000.html#36 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000.html#40 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000.html#41 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000b.html#40 general questions on SSL certificates
http://www.garlic.com/~lynn/2000e.html#41 Why trust root CAs ?
http://www.garlic.com/~lynn/2000f.html#15 Why trust root CAs ?
http://www.garlic.com/~lynn/2001c.html#56 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#72 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#79 Q: ANSI X9.68 certificate format standard
http://www.garlic.com/~lynn/2001d.html#7 Invalid certificate on 'security' site.
http://www.garlic.com/~lynn/2001e.html#35 Can I create my own SSL key?
http://www.garlic.com/~lynn/2001f.html#77 FREE X.509 Certificates
http://www.garlic.com/~lynn/2001g.html#65 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001g.html#68 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#0 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#3 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe???
http://www.garlic.com/~lynn/2002d.html#39 PKI Implementation
http://www.garlic.com/~lynn/2002e.html#56 PKI and Relying Parties
http://www.garlic.com/~lynn/2002e.html#72 Digital certificate varification
http://www.garlic.com/~lynn/2002m.html#17 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#20 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#55 Beware, Intel to embed digital certificates in Banias
http://www.garlic.com/~lynn/2002n.html#30 Help! Good protocol for national ID card?

--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
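An added illustration of the two paradigms contrasted in the post above (example code, not part of the original message): a relying party holding a signed, static credential can only judge the stale subset copy it embodies, while an online authorizer returns a straight yes/no from the live account record plus the aggregated pattern of preceding transactions, without consulting any credential at all. The account data, amounts, and issuer key are constructed for the demo.

```python
import hashlib
import hmac
import json

CA_KEY = b"constructed-demo-key"  # hypothetical issuer key, demo only
DAY = 86400


class AccountMaster:
    """The master information 'someplace': live account record plus history."""

    def __init__(self, status="active", limit=500):
        self.status, self.limit, self.history = status, limit, []

    def issue_credential(self, acct, now):
        """Offline paradigm: a signed, static subset copy of the record, good for a day."""
        body = {"acct": acct, "status": self.status, "limit": self.limit,
                "not_before": now, "not_after": now + DAY}
        raw = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "sig": hmac.new(CA_KEY, raw, hashlib.sha256).hexdigest()}

    def online_authorize(self, amount, now, window=3600):
        """Online paradigm: yes/no on this transaction from the live record and the
        aggregated pattern leading up to it. No credential is involved."""
        if self.status != "active":
            return "DECLINED"
        recent = sum(a for t, a in self.history if now - t < window)
        if recent + amount > self.limit:
            return "DECLINED"
        self.history.append((now, amount))
        return "APPROVED"


def offline_check(cred, amount, now):
    """Relying party with no online access: can judge only what the credential embodies."""
    raw = json.dumps(cred["body"], sort_keys=True).encode()
    expected = hmac.new(CA_KEY, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(cred["sig"], expected):
        return "REJECT"
    b = cred["body"]
    if not b["not_before"] <= now <= b["not_after"] or b["status"] != "active":
        return "REJECT"
    return "ACCEPT" if amount <= b["limit"] else "REJECT"


def scenario():
    """Three 200-unit transactions in a burst, then one after the account is suspended."""
    master = AccountMaster(limit=500)
    cred = master.issue_credential("acct-42", now=1000)
    results = [(offline_check(cred, 200, t), master.online_authorize(200, t)) for t in (1060, 1120, 1180)]
    master.status = "suspended"  # master record changes; the credential is now stale
    results.append((offline_check(cred, 200, 1240), master.online_authorize(200, 1240)))
    return results
```

The third and fourth transactions pass the offline credential check (the credential is still valid and says "active") but are declined online, once on aggregated velocity and once on the live account status, which is exactly the information a static certificate cannot carry.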