"Anders Rundgren" <[EMAIL PROTECTED]> writes: > Lynn, > > Some TTP CAs actually *do* require RP contracts. > > The "only" problem with that is that this is usually also connected to > RP authentication to OSCP services for payment purposes. > > So even if the certs are stale the information is dynamically verified.
so this is the stale, static, redundant and superfluous scenario. the problem with OSCP services is that it supposedly just says yes/no as to whether the stale, static certificate information is still applicable or not. as mentioned ... this has all the overhead of having an online service w/o any of the benefits. the payment infrastructure moved out of this archaic design in the 70s with online authentication and authorization with timely online access to the actual, real information ... like aggregated information of sequences of operations ... resulting in things like support for fraud detection patterns and current account balance. the current account balance represents the starting value (which you might or not might considering including in a stale, static, redundant and superfluous certificate?) plus the aggregation of all the ongoing operations updating the current account balance with subtractions and additions (say issue a brand new stale, static, redundant and superfluous certificate everytime there is an account balance update and then spray it all over the world to every possible and/or potential relying party). -- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
