Scenarios

Darren New (dnew@sgf.fv.com)
Mon, 20 Mar 1995 14:16:37 +0000

Since this apparently never made it to the mailing list, and since the
list seems to be up now, I'm sending this again as a few scenes I'd like
to see addressed in the design of Secure HTTP.

---------- Forwarded message ----------
Date: Tue, 28 Feb 1995 12:34:04 +0000
From: Darren New <dnew@sgf.fv.com>
To: w3c-scenarios@w3.org
Subject: Scenarios

Scenarios for Secure WWW transfer:

1) A signed CERT advisory is posted. I should be able to download it
from the web server, forward it via email to a friend, who then posts
it locally on his company's server, all without corrupting the
signature.

2) A signed CERT advisory is posted informing people that XYZ
company's Certification Authority has been corrupted because the
private key has been circulated on pirate bulletin boards. The new
public key is included, signed by various other places including CERT.

3) A CERT advisory is posted informing people that the CERT advisory
in #2 has been forged by someone in CERT.

4) A CERT advisory is posted informing people that XYZ company's
Certification Authority has been corrupted. However, this is a forgery
signed not by CERT but by XYZ's competitor PDQco for financial
reasons. Since PDQco made your browser and you use PDQco as your CA,
they can certify a false CERT key.

5) I (Darren) sign a form saying "Charge MasterCard #1343 for the
PostScript version of the report." The merchant gets this form and
decrypts it. The merchant then attempts to verify that card #1343
belongs to Darren. Who does the merchant talk to to find this out, and
how?

----
Darren New / Senior Design Engineer / First Virtual Holdings Inc.
Anyone can buy and sell information over the internet for real money TODAY!
http://www.fv.com or info@fv.com -=|=- PGP key: finger dnew@sgf.fv.com