more words on electronic commerce vs. PKIs

Carl Ellison cme at cybercash.com
Tue, 28 Apr 1998 16:40:12 -0400 

-----BEGIN PGP SIGNED MESSAGE-----

At 07:09 PM 4/28/98 +0100, Ben Laurie wrote:
>Carl Ellison wrote:
>> However, when one considers heavier contracts (e.g., the purchase of a home
>> or the establishment of a major business relationship), it is clear that the
>> signing of a contract needs to be backed up by knowledge on the part of each
>> party about the other party.  If the parties are unknown to each other, this
>> knowledge must come from some third sources.  One has to trust those
>> sources, but that does not mean that these become TTPs, in the sense the DTI
>> uses that term.
>
>Not really arguing with your general thrust, but this really doesn't
>seem to me to capture the process (of buying a house, at least) at all
>well. I actually bought a new house last year. I bought it from a
>couple, one of whom I met once. The deal was brokered by an estate
>agent. Again, I met him once. My solicitor dealt with the paperwork.
>I've never met him. Their solicitor dealt with their paperwork, and I
>don't even know who he/she was. The money I used to buy the house came,
>mostly, from a mortgage company. I've never met them. With a
>considerable amount of effort, I may be able to figure out whose money
>it actually is (probably other customer's of some bank - but not the
>bank that operates the mortgage, coz that's a different bank from the
>one that lent the money). What actually glued this all together, as far
>as I can work out, is the solicitors, who hold onto everything until all
>the right bits of paper, money, etc, have accumulated, and then do a
>swift exchange. Because they are solicitors, we trust them to do it
>without pulling a fast one.
>
>Who will take their place in the eCommerce world?

I think that's a valuable question to answer.  All I know for sure is that 
a (name,key) CA isn't in the running.

You didn't know these people personally and probably didn't need their 
names, but you did need to know their credentials.  The bank had to have 
money to loan.  The solicitor had to have some kind of license and 
experience in real estate.  The seller had to have clear title to the
house.  All of these facts could be certified without reference to
any common (or distinguished) names.

I bet we could take this real example and reduce it to a map of credentials 
each party needs to view about the others.  Once we have such a map, we 
could determine who would be in authority to issue such credentials.

In fact, that sounds like a great project for someone.  Ross Anderson mapped 
out what the medical profession needs in the way of credentials and who 
would issue them.  I would love to see a book with a chapter for each class 
of transaction we're all faced with (going to a doctor, getting a 
prescription, buying a house, buying a car, voting, ...), showing how that 
would be handled electronically.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNUY+qxN3Wx8QwqUtAQG6IgQAjUD9AcE8S1SLwoPoc2BMXpkbvjegeKSR
8oMjKNaCA3TcuPPwNvCLlVtGiSydZ3pGHjvJvSQkVhszOr6rJdLPLH8XZIti7+Je
0H+OPUOTwwYa98hWA2lOvytgypyO74rPJc6aEGK/HXw4/GNn7sATNZ1sBiDYZOwt
DOhvicvM+hk=
=JEy3
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+