[cabfpub] Recent ITU-T meeting

Erwann Abalea erwann.abalea at keynectis.com
Fri Apr 26 10:06:19 MST 2013


Le 26/04/2013 18:35, tScheme Technical Manager a écrit :
> Hi Ben,
>
> I have already been involved in some discussions on what has become TD 131
> and I'm not sure that it's useful to think of the auditors as fulfilling the
> role of "juridical experts" (although they could also decide to offer that
> service).

 From the paper:

"The role of expert trusted third party could be provided by:

  * Commercial organizations which make a business from giving
    recommendation about certificates;
  * National governments which wish to facilitate e-commerce in their
    countries;
  * An international body like the UN in order to facilitate
    international trade"


The list isn't exhaustive, but the idea is to add a third (or 
fourth?)-party actor. Auditors already being part of the process, I 
doubt they can play 2 roles.

>   My simplistic understanding is that I as a relying party would
> formally contract with a JE service and then, whenever I receive a
> Certificate (e.g. an SSL certificate when I log on to an e-Commerce site), I
> would send a copy of the certificate to my JE service and ask them whether I
> should trust it or not - i.e. I do not rely on the Browser making that
> decision for me.

Along with the scoring about the certificate, the trust broker would 
also list usage limits about that certificate (role, monetary amounts, ...).

The idea seems to date back to 2008, by the same authors.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130426/dca0c1e0/attachment-0001.html 


More information about the Public mailing list