
pki-tc message



Subject: Re: [pki-tc] More on PKI four-corner models


>> I claim that the Four Corner model is the single most hampering thing
>> to wide-scale PKI-deployment because it makes receivers possibly pay
>> for messages that they maybe did not even want!

>Really?  You really believe that?  Receiver pay for validation
>services is what has held back PKI?

Rich,
You are right, this has not been the most hampering thing so far.  I see
rather that it will _become_ that due to the fact that TTPs in Europe
more and more spell = Banks.

A scenario to think about:

Ford motor company (a BIG company) certifies their smaller suppliers
so they can send signed invoices to Ford.
However, Ford also buys stuff from suppliers all over the world and
some big ones as well.  They provide their own certificates.  Some
are in-house, some are from open TTPs, and some are from pay-per-
validation TTPs.

Ford's RP software is now a hodgepodge of PKIX-compliant and
proprietary validation proxies like Identrus' transaction coordinator.

Off-the-shelf software and operating systems are unlikely to be able
to cope with this unless somebody standardizes a trust network
arbitration scheme that everybody adheres to.

This is about the same as Payment Service Providers (PSPs) that
take care of all the yucky stuff regarding different card-brands.
The problem with this applied to PKI, is that there likely always
will be a mix of free and pay-per-validation PKIs, which (in order
to save transaction fees) will put more burdens on customers.

Who is prepared to start a standardization effort addressing trust
network arbitration?  I will not join as I think it is a bad thing
from the beginning.  Validation will hardly be more expensive
than accessing a web-page in 5-10 years from now as crypto
will be an intrinsic part of every CPU!

It may be of some interest to know that PKI for e-governments in
Sweden has come to a dead halt due to the different business
models (and associated technical solutions) offered by the four
competing (completely incompatible) trust networks.

Anders

