On Tuesday 31 May 2005 23:43, Anne & Lynn Wheeler wrote:
> in most business scenarios ... the relying party has previous knowledge
> and contact with the entity that they are dealing with (making the
> introduction of PKI digital certificates redundant and superfluous).

Yes, this is directly what we found with the signed contracts for digital instruments (aka ecash). We did all the normal digital signature infrastructure (using PGP WoT and even x.509 PKI for a while) but the digsig never actually made or delivered any meaningful biz results.

In contrast, it was all the other steps that we considered from the biz environment that made the difference: a readable contract, a guarantee that it wouldn't change, a solid linkage to every transaction, and so forth and so on.

In the end, the digital signature was just crypto candy. We preserve it still because we want to experiment with WoT between issuers and governance roles, and because we need a signing process of some form. In any small scenario (<1000 users) that sort of linkage is better done outside the tech and for large scenarios it is simply unproven whether it can deliver.

http://iang.org/papers/ricardian_contract.html

iang

PS: must look up the exec summary of aads one day!
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html