Author: Mark van Cuijk 2014-07-28 09:01:06
Published on: 2014-07-28T09:01:06+00:00
In this email exchange, two individuals discuss the idea of implementing a system for verifying merchant identity in online transactions. They identify the need to decide on which party/system will be relied upon to verify the identity of the merchant, options including X.509 CAs, Payment Processors (PP), and PGP/Bitcoin-based systems. They also consider which "PKI" to use for identifying and authenticating the merchant and PP, with options including X.509 certificates, merchant identifiers, Twitter handles, and extended certificates. One individual suggests sticking with the X.509 system for identification of the merchant but likes the idea of a PP issuing non-SSL certificates for merchant identification as long as customers are free to determine whether they trust the PP for this purpose. The other individual agrees that their proposals do not differ substantially and thinks that the extended certificate system is cleaner but prefers Mark's proposal because of backward compatibility concerns. The exchange ends with the suggestion that someone needs to make the proposed system happen. A link to a previous proposal similar to this topic is also provided.
Updated on: 2023-06-09T01:32:40.376881+00:00