Lynn!Anders, Lynn:
Before wasting too much list bandwidth, let's conclude that the TTP CA
business and legal models are still to be determined by establishing practices.
Not a single case has to my knowledge reached a court yet so [all] this
is just "theory", "habits", and "speculation", albeit rather interesting such :-)
I think that is a point that is extremely important to mention. In contrast to payment processes, no liability rules whatsoever have been defined.
This makes for a huge amount of uncertainty on customers' brain processes: if I implement PKI, the vendor may tell me that all his stuff has been certified, the CA has been accredited, all processes conform to signature laws, BUT: *if* something goes awry, I still have no idea about who can be held accountable.
So, even though all these digital PKI processes conform to much stronger rules and technology than the "analog" ones, the state of uncertainty in business terms is impeding implementations.
Maybe we should arrange for a PKI-based business transaction amongst ourselves and then sue each other just to find out what happens :)
Frank.
