[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: comments on <draft-ietf-spki-cert-theory-02.txt>



On Sun, 26 Jul 1998, Ian Brown wrote:

>
>>amex
>
>Nope -- the merchant cares about the payment authorised by your account number, not your name.


Ian:

While I strongly disagree with Alan Lloyd's wording about SPKI, and
while I have almost one year ago already discussed here the
inapropriate name of SPPKI since it is not a PKI and the bad
consequences it would bring by such "misrepresentation", I must say
that your line above is an old dead-beaten horse.  From [1]: 

Regarding cyber-world misconceptions, some think that by escaping
names one can escape reality.  Others think that credit-cards deals
would not need names or any real-life id, just assets. Surely, the
merchant gets paid regardless, even if you use a false name.  But
this is not the end of id fraud. The bank still goes after the
money...and uses the law against fraudulent practices to enforce the
cardholder agreement, or criminal statues.  If Mr. X uses his wife's
credit-card, Mr. X is technically committing id fraud, and
wire-fraud. Of course it works most of the time... But when it does
not, and someone comes enforcing, someone will ask, did you Mr X,
uses Mrs X's credit-card, and represent yourself thereby as Mrs X? 

The other points of your message suffer from the same bias. Again,
using a wrong argument (such as the credit-card name/asset issue) is
not the best way to show that names are references that are locally
interpreted.

Cheers,

Ed Gerck

Reference:

[1] http://www.mcg.org.br/trusdef.htm or 
    http://www.conexware.com/mcg/trustdef.htm
______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
-- Internet saves trees, WebBoy UMC saves PCs, you save time and money