[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summary Trust x Delegation (fwd)


At 06:41 PM 5/29/97 +0200, Stef Hoeben wrote:
>> If my understanding is correct, please describe in specific detail how 
>> the SPKI delegation mechanism is any less secure or robust than the 
>> real-world authorization and delegation mechanisms upon which human
>> civilization is currently built.
>> 	-Michael Robinson
>(The first mail probably didn't arrive, but if it did, sorry for
>this duplicate)
>Well, suppose your friend Alice certfies a cert from her friend Bob,
>and that cert from Bob says he knows a shop where they sell a product
>X, which you 're looking for for a long time. The cert contains the
>public key of the shop, so you and the shop can sign an agreement to
>sent X to you for some (prepaid) money. 
>-> This is the SPKI way, isn't it? But it is not so secure, I think,
>   because you can't really trust that signature.
>In real world, you would go to that shop. Or you search their phone
>number in the Yellow Pages so you know if it's a real shop, and ask
>if they send a fax to you. (Not extremely safe but often enough.)
>Or if you know a good CA who happened to certify the shop, you 're 
>safe too if legislation is OK. 
>And as far as I understand MC, you would ask that shop to send you
>a private MC, a program which will do authentication for you (I hope 
>I'm right, Ed Gerk).
>I hope this makes sense...
>Thanks for the trouble of explaining this to me,
>						   Stef


	the real issue is to decide what information you need about the shop before 
you trust it enough to send it money.  Do you need Better Business Bureau 
certification that it is in good standing and has no rash of customer 
complaints?  Do you need testimonials from satisfied customers?

	What would satisfy you?

	Whatever that is, that's the kind of certification you should demand before 
you send the shop any money.

 - Carl

Version: 5.0
Charset: noconv


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |