[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: persistent identities
David P. Kemp writes:
> > From: "Perry E. Metzger" <firstname.lastname@example.org>
> > The Swiss Bank's decision procedure in this case is simple:
> > "he who can sign with the private key associated with the public key
> > associated with this account at our bank may make deposits and
> > withdrawals, or change the public key bound to the account". The bank
> > is free to bind an account number to that public key so that it may
> > maintain continuity of accounting records across key changes, or not
> > to, as its computers and programmers prefer.
> The bank's internal procedures are largely irrelevant. The purpose
> of a certificate is to convey information from an issuer (the bank)
> to a relying party (the merchant) to allow a subject (the account holder)
> to do something without requiring the relying party to contact the issuer
> every time.
Let me preface this by stating that I work in the financial industry.
What would a certificate say to a merchant? Only that the bank
certifies that someone has an account. It tells the merchant nothing
whatsoever about whether there is money in it.
Merchants cannot and do not rely on information that an account
exists. They don't care if an account exists -- they care if they are
going to be paid. What they rely on is information that a payment is
guaranteed, not that there is an account. Thus, such a signature is
useless to a merchant -- he has to go back to the bank for
If a bank wishes to issue signed digital banknotes, one still has to
do online verification to make sure that double spending doesn't
occur, unless one builds a system with a trusted agent in a smart
card. This is, however, an entirely different realm, and has little to
do any longer with the uses of X.509 or SPKI certificates.
> > In any case, as has been mentioned here in the
> > past, this isn't the X.509 bashing or discussion list, its the SPKI
> > list.
> The PKIX (X.509) community has already learned something from the SPKI
> community - that the user's counter-signature on a certificate may be
> If the SPKI community believes that there is nothing of value to be
> learned from X.509, fine.
No one said that. However, you phrased it not as an idea, but as a
criticism of the entire model.