Payments as an answer to spam (addenda)
Anne & Lynn Wheeler
lynn at garlic.com
Sun May 18 08:47:13 EDT 2003
At 05:50 PM 5/18/2003 +1200, Peter Gutmann wrote:
>So I agree with the statement that "OCSP is actually a more timely version of
>the paper booklets that were distributed in the 50s & 60s". A real solution
>to the problem would follow the online authorisation model used for financial
>transactions, just a straight "Accepted/Declined" response, rather than the
>"Maybe/Maybe not" silly-walk that OCSP does.
But the actual transformation from offline paradigm to online paradigm had
nothing to do with the credential. In the credential world, there is
something embodied in the credential that convinces the relying party to
accept or reject the operation modulo a currently valid/active credential
(aka as previously outlined, these credentials are a static, stale subset copy
of some master information someplace, typically kept in an account record).
The transition to the online paradigm involved asking whether the payment is
approved, nothing to do (directly) with the validity of any credential. The
certification authority and up-to-date information about authentication ...
but also up-to-date and aggregated information about patterns leading up to
this event. The certifying authority ... instead of commenting about any
credential ... providing yes/no regarding the transaction in the context of
real-time and aggregated information.
In fact, to the extent that any financial institution using a certificate
.... it did go thru a period of being used because of requirement by
various off-the-shelf software on the internet. However, because of privacy
and liability reasons they aborted the contents to just an account number
for a relying-party-only certificate. However, (other than requirement to
satisfy certain off-the-shelf software), it is trivial to show that such
relying-party-only certificates are redundant and superfluous from a
business process & flow perspective.
In general, there is almost nothing that you really want to put into some
document that is going to be sprayed all over the infrastructure for
everybody to examine. The original premise for X.509 was that there would
be some information in the contents of the certificate, that a
relying-party could take a look at for the basis of making a decision w/o
requiring anything more .. like online access or previously obtained
information. Given online access and/or previously obtained information
(prior/previous business relationship) .... it is possible to show that
stale, static information embodied in a certificate is redundant and
superfluous.
random past comments on relying-party-only certificates:
http://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
http://www.garlic.com/~lynn/2000.html#36 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000.html#40 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000.html#41 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000b.html#40 general questions on SSL certificates
http://www.garlic.com/~lynn/2000e.html#41 Why trust root CAs ?
http://www.garlic.com/~lynn/2000f.html#15 Why trust root CAs ?
http://www.garlic.com/~lynn/2001c.html#56 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#72 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#79 Q: ANSI X9.68 certificate format standard
http://www.garlic.com/~lynn/2001d.html#7 Invalid certificate on 'security' site.
http://www.garlic.com/~lynn/2001e.html#35 Can I create my own SSL key?
http://www.garlic.com/~lynn/2001f.html#77 FREE X.509 Certificates
http://www.garlic.com/~lynn/2001g.html#65 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001g.html#68 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#0 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#3 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe???
http://www.garlic.com/~lynn/2002d.html#39 PKI Implementation
http://www.garlic.com/~lynn/2002e.html#56 PKI and Relying Parties
http://www.garlic.com/~lynn/2002e.html#72 Digital certificate varification
http://www.garlic.com/~lynn/2002m.html#17 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#20 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#55 Beware, Intel to embed digital certificates in Banias
http://www.garlic.com/~lynn/2002n.html#30 Help! Good protocol for national ID card?
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
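An added illustration of the contrast the post draws between a static credential check and an online Accepted/Declined authorization. This is example code written for this page, not from the post or any real payment network; the account records, amounts, validity dates and the velocity threshold are all constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Account:
    """Constructed master account record: the live information the post says
    a certificate can only carry a stale, static subset of."""
    number: str
    active: bool
    balance: int                                   # whole currency units
    recent: list = field(default_factory=list)     # timestamps of recent approvals

@dataclass(frozen=True)
class RelyingPartyOnlyCert:
    """Hypothetical relying-party-only certificate reduced to an account number."""
    account_number: str
    issued: datetime
    expires: datetime

def credential_check(cert, now):
    """Offline paradigm: everything the relying party can decide from the
    credential alone, i.e. whether it is currently within its validity window.
    Says nothing about balance, account status or recent activity."""
    return cert.issued <= now < cert.expires

def online_authorize(accounts, account_number, amount, now,
                     window=timedelta(minutes=10), max_in_window=3):
    """Online paradigm: straight Accepted/Declined from the live account record
    plus aggregated recent activity; no certificate is consulted at all."""
    acct = accounts.get(account_number)
    if acct is None or not acct.active:
        return "Declined"
    recent = [t for t in acct.recent if now - t < window]   # velocity pattern
    if len(recent) >= max_in_window or amount > acct.balance:
        return "Declined"
    acct.recent = recent + [now]
    acct.balance -= amount
    return "Accepted"

def demo():
    """Pairs each decision as (credential still valid?, online answer)."""
    now = datetime(2003, 5, 18, 8, 47)
    accounts = {"4111-0001": Account("4111-0001", True, 100),
                "4111-0002": Account("4111-0002", False, 500)}   # closed account
    valid = (now - timedelta(days=30), now + timedelta(days=335))
    cert_open, cert_closed = (RelyingPartyOnlyCert(n, *valid) for n in accounts)
    results = [(credential_check(cert_closed, now),
                online_authorize(accounts, cert_closed.account_number, 50, now))]
    for i in range(4):   # four quick purchases; the velocity rule declines the last
        results.append((credential_check(cert_open, now),
                        online_authorize(accounts, cert_open.account_number, 10,
                                         now + timedelta(minutes=i))))
    return results
```

The credential is within its validity window in every case, yet the online answer declines the closed account and the fourth rapid purchase, which is the information the post says only a real-time, aggregated source can supply.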
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com