the other scenerio that some certification agencies have expressed (i.e.
licensing bureaus, bbb, consumer report, etc operations) is that in the online
world ... that they would provide an online service .... rather than
certificates designed for an offline world. the online website provides a
superior experience, real-time information, and a better binding between the
certification agencies and the relying parties (i.e. current use of certificates
totally disintermediate the certification authorities and the relying parties
.... except in the scenerio where the certification authority and the relying
party are the same ... in which case the certificates are redundant and
superfulous).
in the shopping experience trust establishment ... trust can be established in a
variety of ways, brand, advertisement, word-of-mouth, previous experience, etc.
certification trust is just one of the many ways of establishing various kinds
of trust. however, any certification trust in the online environment could be
better provided by online certification delivery vehicle ... rather than an
offline (certificate) vehicle (which disintermediates the certification agency
and the relying party).
"Arnold G. Reinhold" <[EMAIL PROTECTED]> on 11/22/2000 08:00:34 AM
Please respond to "Arnold G. Reinhold" <[EMAIL PROTECTED]>
To: Bram Cohen <[EMAIL PROTECTED]>
cc: Ben Laurie <[EMAIL PROTECTED]>, Lynn Wheeler/CA/FDMS/FDC@FDC,
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Public Key Infrastructure: An Artifact...
At 1:59 PM -0800 11/20/2000, Bram Cohen wrote:
>On Mon, 20 Nov 2000, Arnold G. Reinhold wrote:
>
>> Perry's last sentence gets to the heart of the matter. If CAs
>> included a financial guarantee of whatever it is they are asserting
>> when they issue a certificate, then all these problems would go away.
>
>They aren't going to.
>
>-Bram Cohen
>
It's still early in the game to be so certain. But if you are right,
that in it self is an indictment of PKI. If there really is a market
for trust establishment and a form of PKI is the low cost producer of
trust, then someone should be able to make money by using their
expertise to assemble a technology suite and sell trust insurance
based on the spread between the risk perceived by the market and what
they know to be a lower risk. If such services never develop, it
either means there is no market or PKI doesn't have enough economic
impact to cover the costs of starting such a business.
Arnold Reinhold
For help on using this list (especially unsubscribing), send a message to
"[EMAIL PROTECTED]" with one line of text: "help".
