note in this cross posting from ietf pkix, cross-posted from bar association mailing list ... mentions banks being able to attest to some assertion. http://www.garlic.com/~lynn/aadsm14.htm#43 PKI's not working
that effectively what an x9.59 transaction is ... the financial institution providing real-time confirmation about some assertion regarding payment. this was generalized quite a bit in the FSTC FAST project .... which effectively took the 8383 payment transaction model and extended it to other types of assertions; aka zip-code, >21 years old, <16years old, etc. Some generalized assertion was made (not just about payment) and the financial institution either affirmed it or didn't affirm it. it wasn't a case somewhat outlined in http://www.garlic.com/~lynn/aadsm14.htm#41 certificates & the alternative view where huge amounts of identity and privacy information could be overloaded into a certificate ... which then could be sprayed all around the world. x9.59 refs: http://www.garlic.com/~lynn/index.html#x959 http://www.ca0.net/ some past FSTC FAST discussions: http://www.garlic.com/~lynn/99.html#217 AADS/X9.59 demo & standards at BAI (world-wide retail banking) show http://www.garlic.com/~lynn/aepay10.htm#8 FSTC to Validate WAP 1.2.1 Specification for Mobile Commerce http://www.garlic.com/~lynn/aepay10.htm#31 some certification & authentication landscape summary from recent threads http://www.garlic.com/~lynn/aadsm11.htm#40 ALARMED ... Only Mostly Dead ... RIP PKI ... part II http://www.garlic.com/~lynn/aadsm11.htm#42 ALARMED ... Only Mostly Dead ... RIP PKI ... part III http://www.garlic.com/~lynn/aadsm12.htm#39 Identification = Payment Transaction? http://www.garlic.com/~lynn/aadsm12.htm#41 I-D ACTION:draft-ietf-pkix-sim-00.txt http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication http://www.garlic.com/~lynn/2002o.html#57 Certificate Authority: Industry vs. Government -- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm
