[cabfpub] Recent ITU-T meeting
erwann.abalea at keynectis.com
Fri Apr 26 17:06:19 UTC 2013
Le 26/04/2013 18:35, tScheme Technical Manager a écrit :
> Hi Ben,
> I have already been involved in some discussions on what has become TD 131
> and I'm not sure that it's useful to think of the auditors as fulfilling the
> role of "juridical experts" (although they could also decide to offer that
From the paper:
"The role of expert trusted third party could be provided by:
* Commercial organizations which make a business from giving
recommendation about certificates;
* National governments which wish to facilitate e-commerce in their
* An international body like the UN in order to facilitate
The list isn't exhaustive, but the idea is to add a third (or
fourth?)-party actor. Auditors already being part of the process, I
doubt they can play 2 roles.
> My simplistic understanding is that I as a relying party would
> formally contract with a JE service and then, whenever I receive a
> Certificate (e.g. an SSL certificate when I log on to an e-Commerce site), I
> would send a copy of the certificate to my JE service and ask them whether I
> should trust it or not - i.e. I do not rely on the Browser making that
> decision for me.
Along with the scoring about the certificate, the trust broker would
also list usage limits about that certificate (role, monetary amounts, ...).
The idea seems to date back to 2008, by the same authors.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public