[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [E-CARM] PKI, CAs, TTPs &c.
A 10:30 27/03/98 -0500, Carl Ellison a écrit :
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 06:52 AM 3/27/98 -0800, Lynn.Wheeler@firstdata.com wrote:
>>
>>i believe so .... we actually have a distinction proposed that any
>>digitally signed
>>document attesting to the validity of a public/private key pairing is a
>>"certificate"
>>
>>... the distinction is that a client (in the bank case) sends (effectively)
>>a self-signed
>>certificate to the bank (CA) as part of certification process
>>(demonstrating that the client
>>has the private key that corresponds to the public key in the certification
>>process) ...
>
>This is a good step, but not all CAs do this, so we need to continue
>telling people to do this.
>
I would not accept such a statement as a general truth.
Possibly I am a pessimistic guy, but I don't really expect any
significant deployement of purely certs based technologies/systems
in the payment and real e-business domains until users (ie payers,
consumers) are widely equiped with
- crypto enabled smart-cards
- "safe" smart card readers
And once this happens then I doubt the model for the key management
will be the one above, on the contrary the experience gained
with sevral tens of millions of crypto enabled smart-cards is
that the key generation (and thus storing of the secret AND of
the certificates) are done "centraly" and then the tangible cards
are distributed to the consumers. Maybe one day "card personalization"
will take place on the consumer workstation, but we better be patient :-)
Cheers,
-- PAP
____________________________________________________________________
mailto:pays@edelweb.fr http://www.edelweb.fr/
tel: +33 (0) 156 541 940 fax: +33 (0) 156 541 941
Follow-Ups:
References: