At 04:24 PM 6/6/2003 -0700, James A. Donald wrote:

>I don't think so.

??? public key registered in place of shared-secret?

NACHA debit trials using digitally signed transactions did it with both 
software keys as well as hardware tokens.
in the above scroll down to July 23, 2001 ... has pointer to detailed report?

X9.59 straight forward establishes it as standard .... with some activity 
moving on to ISO

pk-init draft for kerberos specifies that public key can be registered in 
place of shared secret.

following has demo of it with radius with public keys registered in place 
of shared-secret.
the radius implementation has been done be a number of people.

in all of these cases, there is change in the business process and/or 
business relationship .... doesn't introduce totally unrelated parties to 
the business activities. the is digital signing on the senders side 
(actually a subset of existing PKI technology) and digital signature 
verification on the receivers side (again a subset of existing PKI 
technology). To the extent that there is impact on existing business 
process ... it is like in the case of introducing x9.59 authentication for 
credit transactions that have relatively little authentication currently 
... and as a result would eliminate major portion of the existing credit 
card transaction related fraud.

The big issue isn't the availability of the technology ... although there 
is a slight nit in the asuretee case being FIPS186-2, ecdsa .... and having 
support in CAPI and related infrastructures. It not working (easily) is 
like when my wife and I were doing the original payment gateway .... with 
this little client/server startup in menlo park (later moved to mountain 
view and have since been bought by AOL) and people saying that SSL didn't 
exist ... misc ref from the past

Anne & Lynn Wheeler
Internet trivia 20th anv

Reply via email to