On Tuesday 31 May 2005 23:43, Anne & Lynn Wheeler wrote:
> in most business scenarios ... the relying party has previous knowledge
> and contact with the entity that they are dealing with (making the
> introduction of PKI digital certificates redundant and superfluous).

Yes, this is directly what we found with the signed
contracts for digital instruments (aka ecash).  We did
all the normal digital signature infrastructure (using PGP
WoT and even x.509 PKI for a while) but the digsig
never actually made or delivered any meaningful biz
results.  In contrast, it was all the other steps that
we considered from the biz environment that made
the difference:  a readable contract, a guaruntee
that it wouldn't change, a solid linkage to every
transaction, and so forth and so on.

In the end, the digital signature was just crypto
candy.  We preserve it still because we want to
experiment with WoT between issuers and governance
roles, and because we need a signing process of
some form.  In any small scenario (<1000 users)
that sort of linkage is better done outside the tech
and for large scenarios it is simply unproven whether
it can deliver.



PS: must look up the exec summary of aads one day!
Advances in Financial Cryptography:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to