On 8/30/05, Anne & Lynn Wheeler <[EMAIL PROTECTED]> wrote:
That's right - this is often referred to as "policy."
Also a hammer could be used to put a screw in a piece of wood which might prevent the removal feature of the screw from working. In my opinino both implementations, your abuse of asymetric cryptography and my use of carpentry things could be done more intelligently and yield correct results.
I wonder why Mastercard/VISA didn't and don't choose to run everything themselves in house.
Not everyone wants to build secure operations facilities and purchase specialized hardware - economics affect the decision to oursource. Why do you suppose there are a few large companies managing credit card infrastructure for so many credit-card issuing banks instead of each bank developing and operating it's own system soup to nuts?
Ram A Moskovitz <[EMAIL PROTECTED]> writes:
> It depends. Do you need third party identity verification? What is
> the value of protecting the root key (do you have a hardened key
> storage device if you need one)? Is privacy a concern?
an issue is what does the digital certificate represent
That's right - this is often referred to as "policy."
... if it just
has some character string representing some information, a public key,
and a valid digital signature from some 3rd party certification
authority .... and that all digital certificates with valid digital
signatures from that certification authority are treated as valid for
the secured P2P network ... then possibly unanticipated digital
certificates from that same 3rd party certification authority will be
treated as valid (what discriminates a digital certificate for that
specific secured P2P network from all digital certificates that may
have been issued by that certification authority?).
Also a hammer could be used to put a screw in a piece of wood which might prevent the removal feature of the screw from working. In my opinino both implementations, your abuse of asymetric cryptography and my use of carpentry things could be done more intelligently and yield correct results.
like a radius or kerberos authentication infrastructure simply
upgraded for digital signature and public key operation w/o requiring
any sort of independent certification authority
I wonder why Mastercard/VISA didn't and don't choose to run everything themselves in house.
the authentication and permissions are built into the basic system w/o
requiring independent certificaiton.
Not everyone wants to build secure operations facilities and purchase specialized hardware - economics affect the decision to oursource. Why do you suppose there are a few large companies managing credit card infrastructure for so many credit-card issuing banks instead of each bank developing and operating it's own system soup to nuts?
