
Re: CRLs versus short Validity periods

"Graham Finlayson" writes:
> However, there are applications for which the CRLs result in a 
> performance advantage. 
> e.g. I am Sears. I accept MasterCard short-life certificates and can 
> renew these certificates for the owner.

I see what you mean here, but in my opinion, Mastercard shouldn't be
issuing certificates AT ALL. Why? Because any customer charge is going
to have to be checked against credit balance anyway. It makes far more
sense for Mastercard to just keep a secure list of public keys agreed
to with customers (it may sign it or not for its own internal security
purposes) and use that to validate signed orders from customers to pay
vendors (i.e. digital drafts against credit line). Credit card
transactions will always have to be on line -- I see no point at all
in giving the vendor the ability to check the client's public key when
in fact he's not the object of the transaction.

Indeed, I've always wondered this about the financial uses of
keys. It's always the bank, in the end, that has to check the
transaction, not the person receiving the draft.
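
The issuer-side check argued for in the reply above, as an added example that is not part of the original message: the issuer keeps its own list of customer public keys and makes one online decision (key lookup, signature, credit balance), and no certificate reaches the vendor. Ed25519, the draft byte format, the account and vendor names and the amounts are assumptions constructed for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// account is the issuer's record for one customer: agreed public key and credit left (cents).
type account struct {
	pub       ed25519.PublicKey
	available int64
}

// Issuer is the issuer-held key list; the vendor never sees or checks customer keys.
type Issuer map[string]*account

var (
	ErrUnknown   = errors.New("unknown account")
	ErrSignature = errors.New("bad signature")
	ErrCredit    = errors.New("insufficient credit")
)

// draftBytes is the byte string the customer signs (constructed format; %q keeps fields unambiguous).
func draftBytes(acct, vendor string, cents int64) []byte {
	return []byte(fmt.Sprintf("draft|%q|%q|%d", acct, vendor, cents))
}

// Authorize is the single online check: key lookup, signature, then balance.
func (i Issuer) Authorize(acct, vendor string, cents int64, sig []byte) error {
	a, ok := i[acct]
	if !ok {
		return ErrUnknown
	}
	if !ed25519.Verify(a.pub, draftBytes(acct, vendor, cents), sig) {
		return ErrSignature
	}
	if cents <= 0 || cents > a.available {
		return ErrCredit
	}
	a.available -= cents
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	iss := Issuer{"acct-1": {pub: priv.Public().(ed25519.PublicKey), available: 5000}}
	sig := ed25519.Sign(priv, draftBytes("acct-1", "sears", 1200))
	fmt.Println(iss.Authorize("acct-1", "sears", 1200, sig))
}
```

Replay protection (for instance a per-draft serial number inside the signed bytes) is left out to keep the sketch to the one check the reply describes.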