more words on electronic commerce vs. PKIs

Nicholas Bohm nbohm at ernest.net
Wed, 29 Apr 1998 13:11:09 +0100 

At 09:58 29/04/1998 +0100, Charles Lindsey wrote:
>	On Tue, 28 Apr 1998 16:40:12 -0400
>	Carl Ellison <cme@cybercash.com> said...
>
>> I think that's a valuable question to answer.  All I know for sure is that 
>> a (name,key) CA isn't in the running.
>> 
>> You didn't know these people personally and probably didn't need their 
>> names, but you did need to know their credentials.  The bank had to have 
>> money to loan.  The solicitor had to have some kind of license and 
>> experience in real estate.  The seller had to have clear title to the
>> house.  All of these facts could be certified without reference to
>> any common (or distinguished) names.
>
>The obvious answer in this situation is for the Law Society to become a
>Licensed CA, and to issue certificates to the effect that "This is the
>public key of X, who is a member of this society".

It already issues Practising Certificates, and all that would have to be
added would be the public key of the solicitor (or the key fingerprint).

However, nobody has ever sued the Law Society (as far as I know) for
issuing a certificate to the wrong person, or naming someone who isn't in
fact entitled to a certificate, and the prospects of acquiring a whole new
set of liabilities (assuming that is feared as the consequence of certifyng
keys) may be unattractive.  And the Law Society doesn't really know its
members "personally", or know their handwritten signatures, or do a lot of
cross-checking, or run very secure computer systems, etc; and it might not
like the cost of the measures needed to obtain accreditation.  So there may
be some way to go.

	Regards,

		Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 870285	(+44 1279 870285)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF