I believe we are in agreement with what the fourth corner does in a trust network, it is like the relying party's insurance, link to the law, etc.
A problem as I see it is what the fourth corner (or TPP CA) is prepared to vouch for in an non-payment situation. It can surely not make any warranties (in contrast to payments) about the value and credibility of the client, only that it has performed an RA and certification process according to some written practice statements. Does the RP need a business relation with the trust network in order to be able to sue a misbehaving client who is repudiating its actions? Some people claim that, I don't. If the signature can be technically derived to the client's key, the client is toast. Is the fourth corner is supposed to protect the RP from client key misuse/theft? I would say that this would be a very bad idea as the key may have been used to open information banks of incredible value that no insurance will cover and is not possible to rollback either. Authentication <> Payments! But if the faulty operation is due to certification errors, probably due to identity fraud? Then we enter the real CA liability scene. RP contracts have the same function as US SW licenses: To make you aware that nothing is really guaranteed, it is sold "as is". Is this acceptable? This is hard to say, it is rather depending on how frequent errors are and the consequences of those. A problem is that a fourth corner can do nothing about identity fraud which in my opinion makes it less viable regardless of its possible legal value. So of course it is good to have business relations between parties in a trust network, but don't expect to get compensation when things go REALLY wrong. It is also rather hard to run court trials regarding information theft as it is hard to put a value on copied information. Due to these problems I believe the fourth corner is something that bank-operated trust networks should not take for granted. Particularly if it causes business parties to pay for received messages rather than (or in addition to) for sending messages. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, June 28, 2003 22:30 Subject: Confusing business process, payment, authentication and identification You may be absolutely correct that the Four Corner model is the single biggest inhibitor to the wide-scale deployment of PKI. The Four Corner model actually requires a legally binding chain of trust (somewhat analogous to chain of evidence in legal proceedings) as the fundamental basis for a real live, sound business-based, trust network. The majority of the PKIs are technical descriptions that wave their hands about trust networks but absolutely fail to provide any legally binding and/our sound business basis for trust operations and contractual recourse. Having a valid, real-live sound business trust network as a counter-example to some artifact that just waves its hands about being a trust network (w/o any sound business basis) is probably a real downer. Before continuing the description, I wonder if we can come to an agreement that we arent't talking about authentication and payment as purely academic, theoritic concepts totally unrelated to any useful purpose? Furthermore, can we agree that the majority of the people in the world aren't going out every day, entering retail establishments and performing random acts of payment and/or random acts of authentication unrelated to any useful business activity (aka they aren't at the retail establish to obtain goods or services, they are purely there to perform random acts of payment and authentication). That the payment and authentication constructs being discussed are occuring within the context of some business operation or purpose (nominally some exchange of value is occuring .... aka somebody buys something as opposed to giving away money for no reason what so ever). Furthermore, the traditional four corner model is slightly more than the guy trying to sell the brooklyn bridge and saying trust me, there are financially responsible parties for both the consumer and merchant with contracts and legal recourse (w/o the N times M scaleup problem requiring 120 billion independent contracts). The four corner model isn't trivial payment system for the enjoyment of people wanted to perform random acts of payment. As outlined in the original post, the merchant financial institution is the legally liable party for the merchant and the consumer/issuer financial institution is the legally liable party for the consumer. There are specific contractual and business relationships based on exchange of value that are the basis for this relationships. Asserting that the fourth party does nothing but add cost is like saying that the insurance business process does nothing but add cost. The four corner model is providing contractual legal recourse trust operating in both directions .... a contractual trust chain for the merchant to the consumer, and a contractual trust chain for the consumer to the merchant. The reference post and the URL pointers to ones with similar content go to some great length to describe valid, recognized legally liable, contractual relationships. And as further explained that it is typically only governments that can pass laws that create legal liabilities when there is no business foundation for such to exist. A trust network is an artificial construct that has actual business relationship between all parties (or some fictional business relationship created by government mandate). In the normal, offline, stale, static certificate based infrastructure, there is no valid business relationship that exists between the certifying body and the relying-party. In all of the existing online scenarios (like the credit network), the online transaction directly between the certifying body and the relying party creates a contractual relationship (where none exists in the stale, static certificate paradigm). As been repeatedly been pointed out in similar past discussions of this subject, the GSA created the facade of the business infrastructure relationship by contractual relationships between all the the TTP CAs as a legal agent of the GSA and all the relying parties having contracts with the GSA with regard to the acceptance of certificates. That provided the basis for contractual relationship and recourse between the relying-parties and the TTP CAs .... by having a third party (the GSA) have a valid contract with each of the relying-parties (and the TTP CAs having contracts with the GSA such that they effectively operated as a GSA legal agent). The GSA infrastructure created a legally binding relationship with four corners (the certificate owner, the certifying TTP CA, the GSA, and all the relying parties) that doesn't exist at all in the traditional 3-corner trust network stale, static certificate paradigms. The example of some places in the world trying to deal with establishing valid business and contractual relationship (where none actually exists in the traditional "trust network" description) results in N times M set of bilaterial contracts which scales poorly (i.e. four million merchants and thirty thousand financial institutions results in 120 billion contracts). A real trust network is sort of like chain of evidence in legal proceedings. In real live business world, there has to be some real live basis for legal liability and recourse, normally this is a valid contract. In some cases, governments can create artificial legal liability and resource when there is no direct business basis for it. Ok, in the financial four corner model there is actually two totally independent trust operations occuring simultaneously. 1) the consumer has contract with their financial institution that they can trust, the consumer financial institution (effectively) has a contract with the merchant financial institution (that they can trust), and the merchant financial institution has contract with the merchant. That means that there is direct contractual relationship, the consumer trusts their bank, their bank trusts the merchant bank, and the merchant bank trusts the merchant. If the chain of trust is broken with regard to the consumer trusting the merchant, the merchant bank stands in. 2) the merchant has contract with their financial institution that they can trust, the merchant financial institution (effectively) has a contract with the consumers financial institution (that they can trust), and the consumer's financial institution has a contract with the consumer. That means that there is a direct contractual relationship, the merchant trusts their bank, their bank trusts the consumers bank, and the consumer bank trusts the consumer. If the chain of trust is broken with regard to the merchant trusting the consumer, the consumer bank stands in. In the majority of the existing TTP CAs implementation, there is a contractual basis for trust based on exchange of value between the consumer (public key owner) and the TTP CA (certifying body) based on exchange of value, the consumer pays for buying the certificate. There is absolutely no legally, valid chain of trust that establishes a trust network between the TTP CA and the merchant (relying party). There is no basis for it from a business perspective. THERE IS ABSOLUTELY NO BUSINESS RELATIONSHIP BETWEEN THE MERCHANT AND THE TTP CA THAT ESTABLISHES THE BASIS OF TRUST so there is no chain of trust and there is no trust network. A government can pass legislation claiming there is, but there is no business basis for one. GSA fabricated one with contracts with the TTP CAs, making them agents of the GSA and direct contracts between the GSA and all the relying parties (somewhat mitigating the N times M scaleup problem requiring every possible relying party to have a seperate contract directly with every possible TTP CA). In the financial four corner model there is actually a step-by-step process that establishes the individual trust chain links which form a chain of trust resulting in a trust network. Furthermore, there are actually simultaneously two trust operations going on, one in each direction .... the merchant trusting the consumer and the consumer trusting the merchant. So, who is legally liable if the merchant goes bankrupt and/or skips town if the acquirer doesn't exist? Unless the merchant has a legally binding contract with the consumer's financial institution, the consumer's financial institution has no contractual relationship for acting on the behalf of the consumer. Furthermore, the merchant doesn't have any basis for acting against the consumer's financial institution, if the consumer doesn't pay. So, in the previous posts & examples, X9.59 was shown as equally applying to the two-corner model, the three-corner model, and the four-corner model. As you pointed out payments and authentication are different issues. Authentication and payments are applicable to a range of business environments. The four corner model represents independent agents being financially respresentating their respective clients. The four corner model is somewhat analogous to civil litigation where both parties have their respective lawyers to represent their individual interests. One of the parties is not participating in civil litigation and is assuming that their opponents lawyer can be replied upon to represent their interests (as opposed to their opponents interests). some past discussion of GSA contractual infrastructure necessary to establish PKI trust network: http://www.garlic.com/~lynn/aadsm12.htm#22 draft-ietf-pkix-warranty-ext-01 http://www.garlic.com/~lynn/aadsm12.htm#41 I-D ACTION:draft-ietf-pkix-sim-00.txt http://www.garlic.com/~lynn/aadsm12.htm#42 draft-ietf-pkix-warranty-extn-01.txt http://www.garlic.com/~lynn/aadsm14.htm#37 Keyservers and Spam http://www.garlic.com/~lynn/aadsm14.htm#47 UK: PKI "not working" random refs: http://www.garlic.com/~lynn/aadsm14.htm#41 certificates & the alternative view http://www.garlic.com/~lynn/aadsm14.htm#47 UK: PKI "not working" http://www.garlic.com/~lynn/aepay11.htm#66 Confusing Authentication and Identiification? http://www.garlic.com/~lynn/aepay11.htm#67 Confusing Authentication and Identiification? http://www.garlic.com/~lynn/aepay11.htm#68 Confusing Authentication and Identiification? http://www.garlic.com/~lynn/aepay11.htm#69 Confusing Authentication and Identiification? http://www.garlic.com/~lynn/aepay11.htm#70 Confusing Authentication and Identiification? (addenda) http://www.garlic.com/~lynn/aepay11.htm#71 Account Numbers. Was: Confusing Authentication and Identiification? (addenda) http://www.garlic.com/~lynn/aepay11.htm#72 Account Numbers. Was: Confusing Authentication and Identiification? (addenda) http://www.garlic.com/~lynn/aepay11.htm#73 Account Numbers. Was: Confusing Authentication and Identiification? (addenda) http://www.garlic.com/~lynn/aepay12.htm#0 Four Corner model. Was: Confusing Authentication and Identiification? (addenda) http://www.garlic.com/~lynn/aepay7.htm#3dsecure 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure http://www.garlic.com/~lynn/2002m.html#19 A new e-commerce security proposal http://www.garlic.com/~lynn/2002n.html#25 Help! Good protocol for national ID card? [EMAIL PROTECTED] on 6/28/2003 7:59 am wrote: "The four corner model is a valid business model with all four parties filling a valid business role .... totally independent of whether the delivery vehicle involves offline, stale, static certificates." On the contrary. If the TTP (credential issuer) is a part of a rust-network, the fourth corner (acquirer) is redundant as there is nothing a fourth party can add but costs[1]. That is, if we talk about authentication, and not about the transferal of money. 1] Including: - Subscription fees, - Transaction fees, - Proprietary trust network software, - Relying party credential issuance and configuration - Trust network arbitration software I claim that the Four Corner model is the single most hampering thing to wide-scale PKI-deployment because it makes receivers' possibly pay for messages that they maybe did not even wanted! In paper-based messaging (excluding all kinds of payment systems), the "sender" typically puts on a stamp on a letter to get it distributed. This makes sense, four-corner does not. By confusing payments with authentication, the finical industry have shot themselves in the foot. Have anybody heard about a receiver-financed authentication trust network that actually makes money? Or have you recently SWIFT TrustActed? I don't think so. May I end this letter citing an interview with Bill Gates? Q: In 1995, you wrote in your book, "The Road Ahead," that IT will realize friction-free capitalism by excluding middlemen and directly connecting buyers and sellers. Do you still believe in the idea? A: Oh absolutely. I believe there should be no markup in any area of the B2B marketplace. If you want to buy and sell from anyone in the world, you should just get very inexpensive software. They'll let you see every seller and let you do complex transactions without anybody marking up the cost of what you're buying. XML Web services are needed for that, and that's what we're doing. It's a key building block of friction-free capitalism. Anders -- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm