Certificates Useful for Electronic Commerce?
Ben Laurie
ben at algroup.co.uk
Sat, 07 Aug 1999 00:05:23 +0100
Brian Gladman wrote:
>
> From: Ben Laurie <ben@algroup.co.uk>
> To: <ukcrypto@maillist.ox.ac.uk>
> Sent: 06 August 1999 16:26 PM
> Subject: Re: The obscurity of clause 7 of the draft Bill
>
> > Nicholas Bohm wrote:
> > > I happen to doubt the significance of certificates
> > > for electronic commerce;
> >
> > It would be interesting to hear why (and what you think can replace
> > them), but not in this thread.
>
> I think the real issue here is the definition of a 'certificate'. If it is
> an identity certificate - one that is trying to link a person's identity to
> a key in some way - then I believe Nicholas is entirely right to doubt their
> value. And, since this seems to be the sort of certificate the Government
> is aiming at, this does lead to a concern that the parts of the Bill dealing
> with signatures will do very little for electronic commerce.
>
> If however, a certificate confers some form of permission on a key (and/or a
> key holder) then I am less doubtful and I do believe that certificates will
> have uses. However, this type of certificate will typically be issued and
> verified within a context set by multiple closed two party relationships
> where contracts can be used to set the conditions of use and hence avoid the
> difficult issues of open third party liability.
I recently added Keynote support to Apache-SSL which supports exactly
this kind of thing. The stuff you produce to drive Keynote I would
hesitate to call a certificate, though.
> And, of course, we do not need any legislation to validate the use of
> certificates in such situations.
Absolutely not.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi