both atm debit network and domain name infrastructure are capable of local caching .... so that timeliness is within seconds to minutes (or a few hrs as parameter within the needs of the infrastructure). the offline world for certificates is the analogy of the letters of credit from the days of the sailing ships. near real time with managed caching (with relying parties forced to deal with stale credentials manufactured months or years in the past).
part of the issue in clearing is who has the "liability" at any particular instance; in the case of debit network caching there are very specific procedures and processes. Are you suggesting that the certification industry will assume liability in the case of offline clearing associated with mars colonization? the process tends to be authentication, authorization, and finally settlement and clearing. sometimes authorization, settlement and clearing can be batched. if you are really talking about the bank account balance resides on the earth and the access is from mars .... offline authentication (clearing really needs to know whether the money actually exists or not .... regardless of whether or not you are dealing with the owner of the account) doesn't get you clearing .... and real clearing needs to know that the money really exists (not just that a person is authenticated) ... and if the account balance is on earth and it takes 30 minutes elapsed time to establish it ... then that is what it takes. More realistic is account balance caching at some near real-time location on mars ... say within the parameters of the ATM withdrawal limit. At one point in the PKI evolution there was the proposal that there could be certificates analogous to the '70s "signing limit" checks .... an attempt to create certificates that not only provided authentication information but also some hypothetical useful approximation to authorization information (aka not quite regressing totally to the pre-70s credit card model). The issue in the "signing limit" checks was when they found people writing 200 $5000 (limit) checks to get a million. What has been seen since that time is near real-time purchasing department operation (including business purchase cards that leverage the credit card system) to provide real-time aggregation ... as opposed to single event operation.
In the ATM machine withdrawal case, there are typically both single withdrawal limits as well as daily aggregate withdrawal limits (aka the PKI proposal for credit cards turned out to be a business process regression to pre-70s and the PKI proposal for business checks turned out to be a business process regression to pre-80s). Typically what you might have in an ATM withdrawal case .... with a foreign ATM machine (not your local bank) .... is that the owner of the ATM machine is given a guarantee of funds from your financial institution before the ATM machine releases paper money. Your bank then effectively debits your account for the equivalent amount of funds. Then typically sometime that evening, there is a settlement operation where there is a funds transfer from your bank to the financial institution that owns the ATM. An offline, stale certificate .... only (slightly) addresses the issue of authentication .... say an identification certificate ... which might not even provide a binding between you and any particular bank or bank account. Some sort of binding between you, your bank, and your bank account is needed .... just for the authentication phase of what you are talking about. There is still the authorization phase needed so that the owner of the ATM machine believes that it can receive something (in return for spitting out paper bills). That effectively has to find that there are actually sufficient funds in your account. So a more realistic scenario would be that there is possibly a dual account, one local and one on earth ... with funds floating back and forth as needed in evening settlements. If you are on Mars there is some local financial branch with local record of funds that you have immediately available and which can authorize that amount of money. A "local" financial branch implementation and a digital cash implementation might have a number of similar usability attributes ....
aka from the standpoint of how local funds do you have immediately available .... aka funds are transferred into your local PDA as digital cash for immediate use .... or funds are transferred into the local financial institution for immediate use.

ray dillinger <[EMAIL PROTECTED]> on 12/28/2001 2:29 pm wrote:

The only case in which the PKI solution is not redundant is in offline clearing. But getting your point-of-transaction online is easier than paying attention to PKI.

I happen to like offline clearing -- it opens up the possibility of new transaction types and doing transactions in places you couldn't before. But the practical issue is, everybody who's interested in electronic transactions of any kind is also interested in getting online, and when PKI's were deployed in "developing" areas (South Africa) they got dumped just as soon as the area was developed enough for communications to support online clearing.

On the principle of people refusing to adopt something until it relieves pain, maybe we won't see a real PKI deployed until we need to serve markets where speed-of-light delays make online clearing impractical. Mars, for example, is 3 to 22 light-minutes away. I don't imagine someone using an ATM on Mars is going to want to wait 12 to 88 minutes for online clearing (more if the protocol is talky or the bandwidth is busy...).

So a martian colony might be the first practical application of PKI and/or digital cash, assuming the colonists want to do business with Earth companies. But a colony looks pretty distant right now: we haven't even got an outpost there yet.

Bear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
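
Added example, not part of either message or of any real banking system: a Python sketch contrasting the stateless "signing limit" check, which is all a stale offline credential allows, with a local branch authorizer that keeps single and daily aggregate limits, checks locally held funds, and batches an evening settlement. The account name, ATM owner name, the $50,000 local balance and the $20,000 daily limit are assumptions; the 200 x $5000 case is taken from the message.

```python
from dataclasses import dataclass, field

SIGNING_LIMIT = 5_000  # per-check limit carried in the credential (figure from the message)

def offline_signing_limit_ok(amount):
    """Stateless check: each check is judged alone, with no aggregate state."""
    return amount <= SIGNING_LIMIT

@dataclass
class LocalBranch:
    """Hypothetical near-real-time authorizer holding locally available funds."""
    local_funds: dict    # account -> funds available at this branch
    single_limit: int    # single withdrawal limit
    daily_limit: int     # daily aggregate withdrawal limit
    spent_today: dict = field(default_factory=dict)
    pending: list = field(default_factory=list)  # guarantees awaiting settlement

    def authorize(self, account, amount, atm_owner):
        spent = self.spent_today.get(account, 0)
        if amount > self.single_limit:
            return "declined: single limit"
        if spent + amount > self.daily_limit:
            return "declined: daily aggregate limit"
        if amount > self.local_funds.get(account, 0):
            return "declined: insufficient local funds"
        # Guarantee of funds to the ATM owner: debit now, transfer at settlement.
        self.local_funds[account] -= amount
        self.spent_today[account] = spent + amount
        self.pending.append((atm_owner, amount))
        return "approved"

    def settle(self):
        """Evening batch: total owed to each ATM owner; resets daily counters."""
        owed = {}
        for owner, amount in self.pending:
            owed[owner] = owed.get(owner, 0) + amount
        self.pending.clear()
        self.spent_today.clear()
        return owed

def run_demo():
    checks = [5_000] * 200  # constructed input: the 200 x $5000 case
    offline_total = sum(a for a in checks if offline_signing_limit_ok(a))
    branch = LocalBranch({"acct-1": 50_000}, single_limit=5_000, daily_limit=20_000)
    results = [branch.authorize("acct-1", a, "atm-owner-A") for a in checks]
    online_total = sum(a for a, r in zip(checks, results) if r == "approved")
    return offline_total, online_total, branch.settle()

if __name__ == "__main__":
    print(run_demo())
```
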