[EMAIL PROTECTED] on 11/2/2003 9:29 am wrote:
>Lynn,
>To convert everything into a payment system is not a good way
>to discuss things. Identity <<>> Payment.
>
>So an "issuer" in the ID-world has no reason to ever get
>client signatures as the only thing an issuer of IDs can vouch
>for is the binding between a "name" (a.k.a. account number)
>and a public key. That means that in an ID-world using TTPs
>the transferal of the user's public key as a part of a
>"transaction" is indeed necessary. To use account numbers
>for issuer lookup does not work in an ID-world either as
>the very same account number (citizen name) may be issued.
>That is, my name is not "Anders Rundgren, cid=4545454,
>@bigca", only "Anders Rundgren, cid=4545454".
hum, lets see, what is the mailing list ... hum, it seems to be
internet-payments?
to the extent the previous posts had a discussion of a specific payment
related scenario .... it was in response to a specific example you gave
regarding possible compression of information in certificates.
the original post and the majority of the subsequent posts was discussing
http://www.garlic.com/~lynn/aadsm15.htm#32 VS: On-line signature standards
http://www.garlic.com/~lynn/aadsm15.htm#33 VS: On-line signature standards
http://www.garlic.com/~lynn/aadsm15.htm#34 VS: On-line signature standards
(slight addenda)
basis for valid acceptable electronic signature. as mentioned before ....
I outline previously .... there was a discussion of authentication ....
specifically a commonly acceptable taxonomy for authentication, namely
three-factor authentication:
* something you have
* something you know
* something you are
within the context of a acceptable legal electronic signature having to do
with
* authentication
* non-repudiation
* proving intent and/or agreement
so I strongly assert that
* authentication
- something you have
- something you know
- something you are
* non-repudiation
* proving intent and/or agreement
is not converting everyting into a payment system. It is trying to
establish the basis for discussing, valid, legal electronic signatures.
I possibly mistakenly assumed that with the subject line of "on-line
signature standards" that just plausably there was some room for discussing
valid, legal, electronic signatures.
Futhermore, given that this particular mailing list is specifically titled
"internet-payments" .... it wouldn't be completely unacceptable to include
a single example of electronic signatures within the context of a payment
system?
The subject of identity is yet to come up?
--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm
