[11738] in Commercialization & Privatization of the Internet


Re: Random Thoughts Regarding RSA/NCSA/EIT

daemon@ATHENA.MIT.EDU (Kent W. England)
Sat Apr 16 07:46:49 1994

Date: Fri, 15 Apr 1994 16:50:00 -0700
To: "Rob Raisch, The Internet Company" <raisch@internet.com>,
        Brian Hawthorne - SunSelect Strategic Marketing <brianh@suneast.east.sun.com>
From: kwe@cerf.net (Kent W. England)
Cc: com-priv@psi.com

At 10:57 AM 4/15/94 -0700, Rob Raisch, The Internet Company wrote:
>
>Please do not assume that I am fundamentally against online commercial
>transactions.  I am not.  Not by a long shot.  I would love to be able to
>sell my customer's data to the Internet community.  And in some limited
>ways, I do.  It's just very difficult for me to get excited by
>RSA/NCSA/EIT and what they are planning, for the following reasons...

Rob;

What if we just use the key-pair for greater security between one buyer and
one seller for a sequence of transactions over time?    Assume we still use
credit card numbers for the financial part.

This avoids all those problems with global certification that PEM
addresses.  I note that Pretty Good Privacy (PGP) has the ability to manage
a keyring of keys, where each key-pair is established as needed to secure
one transaction sequence.  This is simpler than the "let's build a global
authentication system".

A set of key-pairs for each "subscription" makes it harder for others to
correlate your separate accounts.

Keep your private key on your portable PC.

Mail order companies thrive using phones and credit cards and they never
need to see faces or fingerprints.  Pizza delivery companies are the same.
As long as each transaction is small, the risk is small.

--Kent
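
The pairwise arrangement proposed in this message, as an added sketch that is not part of the original post: the buyer keeps a separate key pair per seller, and each seller pins the one public key it was handed instead of consulting a certification hierarchy. Ed25519 from Go's standard library stands in for a PGP key pair here; the seller names, the sequence-number binding and all type and function names are assumptions of the sketch.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Buyer is the keyring: one private key per seller ("subscription").
type Buyer map[string]ed25519.PrivateKey

// Open makes a fresh key pair for one seller and returns the public half.
func (b Buyer) Open(seller string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err == nil {
		b[seller] = priv
	}
	return pub, err
}

// orderBytes binds seller and sequence number into the signed message (an assumption here).
func orderBytes(seller string, seq uint64, body string) []byte {
	return []byte(fmt.Sprintf("%q|%d|%q", seller, seq, body))
}

// Sign signs order number seq; Open must have been called for this seller.
func (b Buyer) Sign(seller string, seq uint64, body string) []byte {
	return ed25519.Sign(b[seller], orderBytes(seller, seq, body))
}

// Seller pins the one key it was handed; no certification authority is consulted.
type Seller struct {
	Name    string
	Pinned  ed25519.PublicKey
	lastSeq uint64
}

// Accept checks an order against the pinned key and rejects replayed sequence numbers.
func (s *Seller) Accept(seq uint64, body string, sig []byte) error {
	if seq <= s.lastSeq || !ed25519.Verify(s.Pinned, orderBytes(s.Name, seq, body), sig) {
		return fmt.Errorf("order %d rejected: replay or signature not from pinned key", seq)
	}
	s.lastSeq = seq
	return nil
}

func main() {
	b := Buyer{}
	pub, _ := b.Open("pizza") // constructed seller name
	fmt.Println((&Seller{Name: "pizza", Pinned: pub}).Accept(1, "large", b.Sign("pizza", 1, "large")))
}
```

Because every seller sees a different public key, two sellers comparing records have no shared identifier to join on, and a signature made for one seller fails verification at another.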


