The PKI model is not tied to any legal jurisdiction and is not a business process. What is meant then by relying-party (RP) and RP Reliance in X.509 and PKIX? I hope the text below, from a work in progress submitted as an IETF ID, helps clarify this issue.
the TTP (trusted third party) PKI business model typically described in the early 90s ... had a business exchange between a key owner and a certification authority ... where the key owner paid the certification authority for the issuing of a certificate that bound some information to the public key. The payment of money by the key owner to the certification authority created some sort of legal relationship between the key owner and the certification authority .... with regard to the certificate.
in that environment .... the key owner then digitally signed something, and sent the something with a digital signature and the certificate to a relying-party. The relying-party was frequently assumed to be making some sort of legal reliance and recourse on the performance of the certification authority. However, w/o payment of funds and/or other legal arrangement between the relying-party and the certification authority .... there was no legal bases for reliance (unless mandated outside of traditional business context by some gov. mandate)
it appears that the GAO .... working within that semantic & structural business context ... has taken some effort to create a legal basis for reliance and recourse between the relying parties and the certification authorities for the federal PKI . It basically has something along the lines of the certification authorities signing a contractual relationship with the GAO. Then all the relying parties also sign a contractual relationship with the GAO .... then there is recourse for the relying parties on certification authority performance based on the relying parties contract with GAO (for certification authority performance) and the GAOs contract with the certification authorities (for certification authority performance). This is sort of trying to get around the lack of any implied performance and/or contractual relationship (and therefor recourse) because the relying parties haven't actually paid any money to the certification authorities.
In the simple case, having any sort of legal obligation between the certification authority and the key-owner ... and any sort of totally different legal obligation between the key-owner and a relying party ... normally would fail to create any sort of legal obligation between (the traditional TTP PKI) certification authorities (described in the early 90s) and the set of relying parties.
some of this became mute by the mid-90s with the observation that the traditionally considered identity x.509 certificates represented a significant privacy and liability exposure ... and the retrenching by infrastructures to relying-party-only certificates (effectively account number and public key ... although even a relying-party-only SET certificates could represent a factor of 100-times payload bloat). the other issue that quickly became observed if the relying-party and the certification authority were the same .... then the relying party would typically have a large superset of the information that they included in any relying-party-only certificate ... and that having the key-owner to return this small subset of information repeatedly to the relying-party (/certification authority) was redundant and superfluous .... other than possibly contributing huge computational and transmission overheads for no useful purpose.
IETF standards tend to be descriptions of protocol and parties role in the protocol. Such syntactical and semantical description of the protocols has rarely included description of any possible syntactical and semantic business relationships .... especially of the typical kind being proposed in the early 90s for TTP certification authorities.
for pkix references .... see http://www.garlic.com/~lynn/rfcietff.htm
and click on "Term (term->RFC#)" in the "RFC's listed by" section
then click on "PKI" in the "Acronym fastpath" section.
the current results:
public key infrastructure (PKI)
see also <file:///D:/users/http/rfcterms.htm#t508>authentication , <file:///D:/users/http/rfcterms.htm#t600>encryption , <file:///D:/users/http/rfcterms.htm#t770>public key
<file:///D:/users/http/rfcidx12.htm#3820>3820 <file:///D:/users/http/rfcidx12.htm#3779>3779 <file:///D:/users/http/rfcidx12.htm#3778>3778 <file:///D:/users/http/rfcidx12.htm#3770>3770 <file:///D:/users/http/rfcidx12.htm#3741>3741 <file:///D:/users/http/rfcidx12.htm#3739>3739 <file:///D:/users/http/rfcidx12.htm#3709>3709 <file:///D:/users/http/rfcidx12.htm#3653>3653 <file:///D:/users/http/rfcidx12.htm#3647>3647 <file:///D:/users/http/rfcidx11.htm#3562>3562 <file:///D:/users/http/rfcidx11.htm#3447>3447 <file:///D:/users/http/rfcidx11.htm#3379>3379 <file:///D:/users/http/rfcidx11.htm#3354>3354 <file:///D:/users/http/rfcidx11.htm#3335>3335 <file:///D:/users/http/rfcidx10.htm#3281>3281 <file:///D:/users/http/rfcidx10.htm#3280>3280 <file:///D:/users/http/rfcidx10.htm#3279>3279 <file:///D:/users/http/rfcidx10.htm#3278>3278 <file:///D:/users/http/rfcidx10.htm#3275>3275 <file:///D:/users/http/rfcidx10.htm#3174>3174 <file:///D:/users/http/rfcidx10.htm#3163>3163 <file:///D:/users/http/rfcidx10.htm#3161>3161 <file:///D:/users/http/rfcidx10.htm#3156>3156 <file:///D:/users/http/rfcidx10.htm#3126>3126 <file:///D:/users/http/rfcidx10.htm#3125>3125 <file:///D:/users/http/rfcidx10.htm#3110>3110 <file:///D:/users/http/rfcidx10.htm#3076>3076 <file:///D:/users/http/rfcidx10.htm#3075>3075 <file:///D:/users/http/rfcidx10.htm#3039>3039 <file:///D:/users/http/rfcidx10.htm#3029>3029 <file:///D:/users/http/rfcidx9.htm#2986>2986 <file:///D:/users/http/rfcidx9.htm#2985>2985 <file:///D:/users/http/rfcidx9.htm#2943>2943 <file:///D:/users/http/rfcidx9.htm#2931>2931 <file:///D:/users/http/rfcidx9.htm#2898>2898 <file:///D:/users/http/rfcidx9.htm#2847>2847 <file:///D:/users/http/rfcidx9.htm#2807>2807 <file:///D:/users/http/rfcidx9.htm#2803>2803 <file:///D:/users/http/rfcidx9.htm#2802>2802 <file:///D:/users/http/rfcidx9.htm#2797>2797 <file:///D:/users/http/rfcidx9.htm#2726>2726 <file:///D:/users/http/rfcidx8.htm#2693>2693 <file:///D:/users/http/rfcidx8.htm#2692>2692 <file:///D:/users/http/rfcidx8.htm#2587>2587 <file:///D:/users/http/rfcidx8.htm#2585>2585 <file:///D:/users/http/rfcidx8.htm#2560>2560 <file:///D:/users/http/rfcidx8.htm#2559>2559 <file:///D:/users/http/rfcidx8.htm#2537>2537 <file:///D:/users/http/rfcidx8.htm#2536>2536 <file:///D:/users/http/rfcidx8.htm#2535>2535 <file:///D:/users/http/rfcidx8.htm#2528>2528 <file:///D:/users/http/rfcidx8.htm#2527>2527 <file:///D:/users/http/rfcidx8.htm#2511>2511 <file:///D:/users/http/rfcidx8.htm#2510>2510 <file:///D:/users/http/rfcidx8.htm#2459>2459 <file:///D:/users/http/rfcidx8.htm#2440>2440 <file:///D:/users/http/rfcidx8.htm#2437>2437 <file:///D:/users/http/rfcidx8.htm#2404>2404 <file:///D:/users/http/rfcidx8.htm#2403>2403 <file:///D:/users/http/rfcidx7.htm#2385>2385 <file:///D:/users/http/rfcidx7.htm#2315>2315 <file:///D:/users/http/rfcidx7.htm#2314>2314 <file:///D:/users/http/rfcidx7.htm#2313>2313 <file:///D:/users/http/rfcidx7.htm#2311>2311 <file:///D:/users/http/rfcidx7.htm#2202>2202 <file:///D:/users/http/rfcidx7.htm#2154>2154 <file:///D:/users/http/rfcidx7.htm#2137>2137 <file:///D:/users/http/rfcidx6.htm#2085>2085 <file:///D:/users/http/rfcidx6.htm#2082>2082 <file:///D:/users/http/rfcidx6.htm#2065>2065 <file:///D:/users/http/rfcidx6.htm#2025>2025 <file:///D:/users/http/rfcidx6.htm#2015>2015 <file:///D:/users/http/rfcidx6.htm#1991>1991 <file:///D:/users/http/rfcidx6.htm#1864>1864 <file:///D:/users/http/rfcidx6.htm#1852>1852 <file:///D:/users/http/rfcidx6.htm#1828>1828 <file:///D:/users/http/rfcidx6.htm#1810>1810 <file:///D:/users/http/rfcidx5.htm#1751>1751 <file:///D:/users/http/rfcidx5.htm#1544>1544 <file:///D:/users/http/rfcidx4.htm#1424>1424 <file:///D:/users/http/rfcidx4.htm#1423>1423 <file:///D:/users/http/rfcidx4.htm#1422>1422 <file:///D:/users/http/rfcidx4.htm#1421>1421 <file:///D:/users/http/rfcidx4.htm#1321>1321 <file:///D:/users/http/rfcidx4.htm#1320>1320 <file:///D:/users/http/rfcidx4.htm#1319>1319 <file:///D:/users/http/rfcidx3.htm#1186>1186 <file:///D:/users/http/rfcidx3.htm#1115>1115 <file:///D:/users/http/rfcidx3.htm#1114>1114 <file:///D:/users/http/rfcidx3.htm#1113>1113 <file:///D:/users/http/rfcidx3.htm#1040>1040 <file:///D:/users/http/rfcidx3.htm#989>989
clicking on any RFC number will bring up the RFC summary in the lower frame. Clicking on the ".txt" field in the RFC summary will fetch the actual RFC.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
