[19339] in cryptography@c2.net mail archive
Re: browser vendors and CAs agreeing on high-assurance certificat
daemon@ATHENA.MIT.EDU (leichter_jerrold@emc.com)
Wed Dec 21 13:41:27 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: leichter_jerrold@emc.com
To: sidney@sidney.com
Cc: cryptography@metzdowd.com
Date: Mon, 19 Dec 2005 11:18:08 -0500
| > Imagine a "E-commerce" front end: Instead of little-guy.com buying a
cert
| > which you are supposed to trust, they go to e-commerce.com and pay for a
| > link. Everyone trusts e-commerce.com and its cert. e-commerce provides
a
| > guarantee of some sort to customers who go through it, and charges the
| > little guys for the right.
|
| Do you mean like Amazon Marketplace and Amazon zShops? I think it's been
| done already:
|
| http://www.amazon.com/exec/obidos/tg/browse/-/1161232/103-4791981-1614232
Well, yes, and eBay provides the same service. But how much protection are
they providing for buyers? I think Amazon will cover the first $100 a
customer paid. eBay gives you a bit of protection if you go with PayPal,
but not a whole load - they rely on their reputation system.
e-commerce.com would bring up a page saying: "We guarantee that
transactions
up to $nnn with this site will be to your satisfaction or your money back".
The merchant would specify the maximum dollar value, and pay e-commerce.com
based on the limit and, presumably, his reputation with e-commerce. (This
is one way it might be set up - there are certainly other ways. And, even
in this style, the entire wording of the guarantee would be something agreed
upon between the seller and e-commerce.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
