[2535] in cryptography@c2.net mail archive
RE: "ABA" becomes root CA for financial services industry
daemon@ATHENA.MIT.EDU (Dwight Arthur)
Tue Apr 21 14:04:53 1998
From: "Dwight Arthur" <dwightarthur@mindspring.com>
To: "Robert Hettinga" <rah@shipwright.com>, <cryptography@c2.net>,
<dcsb@ai.mit.edu>, <dbs@philodox.com>
Date: Fri, 17 Apr 1998 16:31:52 -0400
In-Reply-To: <v04003a57b14a8c4941cb@[139.167.130.246]>
Robert Hettinga wrote: "Since I think that hierarchical trust models are
pretty much garbage (not to mention the Utah digital signature statute ;-)),
it'll be fun to see now
how long the ABA holds out before banks "certify" each other and make their
own, geodesic, trust relationships."
Sorry, I am missing the issue. Suppose hypothetically that the NASD were to
create a CA and an x.500 directory and offer that any member organization
could arrange a face to face meeting with its assigned NASD examiner and
hand over a copy of the member's CA signing key. Further suppose that for
every member organization that did so, the NASD issued a certificate
containing the member's public key and signed by the NASD, and published the
certificate in the directory. This is clearly hierarchical I.M.H.O., and
shows NASD at the root.
Possible uses include hierarchical approaches, such as S/MIME among members
using certificate chains that terminate with the NASD. Other uses are
networked: when two members wish to directly cross-certify each other, they
can look to the NASD directory as a source for each other's keys, eliminating
the need for face to face key exchanges and other obscure bootstrapping
strategies.
Question: in what way does this cross-certification of nodes within the
hierarchy invalidate the hierarchy?
---------------------------------------
p:(212) 412-8687 Dwight Arthur
f:(212) 908-2345 Managing Director: Systems
b:(917) 646-6682 National Securities Clearing
dwightarthur@mindspring.com 55 Water Street
http://www.nscc.com New York, NY 10041-0082