EU DIRECTIVE ON SIGNATURES

Mon, 24 Aug 1998 08:18:28 -0500

-----BEGIN PGP SIGNED MESSAGE-----

In <35E1378A.E56D4FE2@cs.ucl.ac.uk>, on 08/24/98 
   at 10:51 AM, Ian Brown <I.Brown@cs.ucl.ac.uk> said:

>> Yes, but amazon.com would be most concerned that the entity that
>> purported to state that the number you quoted was good for the amount in
>> question was indeed that well known organisation VISA, and a certificate
>> to that effect (perhaps from a CA) should resolve that.

>Sorry, I misread this bit.

>A company would know that public key x belonged to Visa because Visa's
>certs will be built into every piece of e-commerce software in the world
>;)

>In general though, if a company takes payment through an electronic
>system, the operator of the system will provide the necessary
>certificates when the company opens their merchant account with the
>system.

This may work for small companies but will not work for corporations.

Companies who extend credit will have to set up their own CA's and
establish their own policies for who they will extend credit to and who
they will not. While they may go to outside sources to gather information
so they can make their decisions, ultimately the decision is theirs.

On these issues the e-comm world is not any different than current
meta-world transactions. To think that companies are going to give up
control of their fiscal policies to TTP's because they are doing business
over the 'Net is failing to understand the dynamics involved.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
- ---------------------------------------------------------------

Tag-O-Matic: If at first you don't succeed, work for Microsoft.