Ed Reed wrote:
> Getting PKI baked into the everyday representations people routinely
> manage seems desirable and necessary to me. The pricing model that has
> precluded that in the past (you need a separate PKI certificate for each
> INSURANCE policy?) is finally melting away. We may be ready to watch
> the maturation of the industry.

as part of some work on cal. & fed. e-signature legislation ... one of the industry groups involved was the insurance industry. rather than PKI certificates, there was some look at real-time, online transactions ... where the liability was calculated on the basis of each individual transaction.

The PKI certification model ... somewhat is paradigm for the letters of credit offline scenario from the sailing ship days. in the modern world ... that somewhat states that the certificate is issued for a period of time ... possibly one year ... and theoretically covers all operations that might occur during the period of that year ... regardless of the number of operations that might be involved during that period ... where each operation carried liability.

in the online scenario ... rather than having a stale, static certificate that carried with it implied liability for the period of time, independent of the number of operations ... each individual operation was a separate liability operation.

one could imagine insurance on a large tanker for a period of a year with regard to sinking. that translation to an electronic world ... would be that the tanker would have an arbitrary number of sailings ... and could sink on each sailing ... and having sunk on a previous sailing ... wouldn't prevent it from its next assignment and sinking again.

the "insurance" in the credit card industry is that there is an online operation for each transaction ... and each transaction involves the merchant being charged a value proportional to the transaction value. the liability is taken on each online transaction ... rather than for a period of time ... regardless of the number or magnitude of the transactions.

this is somewhat with respect to my previous reply that the certification and assurance of the certification can be independent of the way that certification is represented. in the past for the offline world ... having a stale, static certificate representing that certification was useful ... because there was no way of obtaining real-time, online certification information. with ubiquitous online availability, there has been more and more transition to real-time online certification representation especially as the values involved increase (frequently the real-time, online certification representation can involve higher quality and/or more complex information ... like real-time aggregated information ... which is rather difficult with a stale, static representation created at some point in the past)

---------------------------------------------------------------------
The Cryptography Mailing List