[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pki-tc] More on PKI four-corner models
>> I claim that the Four Corner model is the single most hampering thing >> to wide-scale PKI-deployment because it makes receivers' possibly pay >> for messages that they maybe did not even wanted! >Really? You really believe that? Receiver pay for validation >services is what has held back PKI? Rich, You are right, this has not been the most hampering thing so far. I see rather that it will _become_ that due to the fact that TTPs in Europe more and more spell = Banks. A scenario to think about: Ford motor company (a BIG company) certifies their smaller suppliers so they can send signed invoices to Ford. However, Ford also buys stuff from suppliers all over the world and some big ones as well. They provide their own certificates. Some are in-house, some are from open TTPs, and some are from pay-per- validation TTPs. Ford's RP software is now a hodgepodge of PKIX-compliant and proprietary validation proxies like Identrus' transaction coordinator. Off-the-shelf software and operating systems are unlikely to be able to cope with this unless somebody standardizes a trust network arbitration scheme that everybody adheres to. This is about the same as Payment Service Providers (PSPs) that take care of all the yucky stuff regarding different card-brands. The problem with this applied to PKI, is that there likely always will be a mix of free and pay-per-validation PKIs, which (in order to save transaction fees) will put more burdens on customers. Who is prepared to start a standardization effort addressing trust network arbitration? I will not join as I think it is a bad thing from the beginning. Validation will hardly be more expensive that accessing a web-page in 5-10 years from now as crypto will be an intrinsic part of every CPU! It may be of some interest to know that PKI for e-governments in Sweden has come to a dead halt due to the different business models (and associated technical solutions) offered by the four competing (completely incompatible) trust networks. Anders
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]