[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-CARM] PKI, CAs, TTPs &c.

Hell will freeze over before I'll use a crypto digital signature
system that relies on a third party to generate key pairs, because
the whole idea of non-repudiation rests on the concept that the
private key is *never* in the hands of anyone *except* its
legitimate user, and this certainly includes the key generation

A 10:30 27/03/98 -0500, Carl Ellison a écrit :
>At 06:52 AM 3/27/98 -0800, Lynn.Wheeler@firstdata.com wrote:
>>i believe so .... we actually have a distinction proposed that any
>>digitally signed
>>document attesting to the validity of a public/private key pairing is a
>>... the distinction is that a client (in the bank case) sends
>>a self-signed
>>certificate to the bank (CA) as part of certification process
>>(demonstrating that the client
>>has the private key that corresponds to the public key in the
>>process) ...
>This is a good step, but not all CAs do this, so we need to continue
>telling people to do this.

I would not accept such a statement as a general truth.

Possibly I am a pessimistic guy, but I don't really expect any
significant deployement of purely certs based technologies/systems
in the payment and real e-business domains until users (ie payers,
consumers) are widely equiped with
- crypto enabled smart-cards
- "safe" smart card readers
And once this happens then I doubt the model for the key management
will be the one above, on the contrary the experience gained
with sevral tens of millions of crypto enabled smart-cards is
that the key generation (and thus storing of the secret AND of
the certificates) are done "centraly" and then the tangible cards
are distributed to the consumers. Maybe one day "card personalization"
will take place on the consumer workstation, but we better be patient :-)


-- PAP


mailto:pays@edelweb.fr            http://www.edelweb.fr/
tel: +33 (0) 156 541 940                   fax: +33 (0) 156 541 941

+ For information about the cert-talk mailing list, including archives     +
+ and how to subscribe and unsubscribe, visit:                             +
+                http://mail.structuredarts.com/cert-talk                  +