browser vendors and CAs agreeing on high-assurance certificat es

leichter_jerrold at emc.com leichter_jerrold at emc.com
Sun Dec 18 15:54:24 EST 2005 

| 2) the vast majority of e-commerce sites did very few number of
| transactions each. this was the market segment involving e-commerce
| sites that aren't widely known and/or represents first time business. it
| is this market segment that is in the most need of trust establishment;
| however, it is this market segment that has the lowest revenue flow to
| cover the cost of creating a trust value.
...which raises the interesting question of whether there is a role here for
banks in their traditional role:  As introducers and trusted third parties.
Imagine a "E-commerce" front end:  Instead of little-guy.com buying a cert
which you are supposed to trust, they go to e-commerce.com and pay for a
link.  Everyone trusts e-commerce.com and its cert.  e-commerce provides a
guarantee of some sort to customers who go through it, and charges the
little
guys for the right.

| there is actually a third issue for the vast numbers of low traffic
| e-commerce merchants ... the lack of trust can be offset by risk
| mitigation. it turns out that this market segment where there is
| poissble litte reason for the customer to trust the merchant has had a
| trust issues predating the internet ... at least going back to the
| introduction of credit financial transactions. as opposed to trust, risk
| mitigation was addressed in this period with things like reg-e and the
| customer having a high level of confidence that disputes tended to
| heavily favor the customer. this characteristics of risk mitigation, in
| lieu of trust, then carried over into the internet e-commerce relm.
Yup.  This is the role E-commerce.com would play.

Since e-commerce.com would actually be present in the transaction - as
opposed
to a distant cert authority - in principle it could charge in a way that
made
sense.  If it's mitigating risk, the cost should be proportional to the risk
-
i.e., the size of the transaction and what e-commerce knows about little-guy
and its history.
							-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list