[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRLs versus short Validity periods

To: "Graham Finlayson" <graham@amanda.worldtalk.com>
Subject: Re: CRLs versus short Validity periods
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 01 Mar 1996 10:55:24 -0500
Cc: cme@cybercash.com (Carl Ellison), spki@c2.org
In-Reply-To: Your message of "Thu, 29 Feb 1996 16:27:03 GMT." <199603010028.AA133860097@amanda.worldtalk.com>
Reply-To: perry@piermont.com
Sender: owner-spki@c2.org

"Graham Finlayson" writes:
> However, there are applications for which the CRLs result in a 
> performance advantage. 
> 
> e.g. I am Sears. I accept MasterCard short-life certificates and can 
> renew these certificates for the owner.

I see what you mean here, but in my opinion, Mastercard shouldn't be
issuing certificates AT ALL. Why? Because any customer charge is going
to have to be checked against credit balance anyway. It makes far more
sense for Mastercard to just keep a secure list of public keys agreed
to with customers (it may sign it or not for its own internal security
purposes) and use that to validate signed orders from customers to pay
vendors (i.e. digital drafts against credit line). Credit card
transactions will always have to be on line -- I see no point at all
in giving the vendor the ability to check the client's public key when
in fact he's not the object of the transaction.

Indeed, I've always wondered this about the financial uses of
keys. Its always the bank, in the end, that has to check the
transaction, not the person receiving the draft.

Perry

References:

Re: CRLs versus short Validity periods

From: "Graham Finlayson" <graham@amanda.worldtalk.com>

Prev by Date: Certificate validity issues
Next by Date: ACLs vs. Capabilities
Prev by thread: Re: CRLs versus short Validity periods
Next by thread: CRLs versus short Validity periods
Index(es):
- Main
- Thread