Payment Protocol Proposal: Invoices/Payments/Receipts



Summary:

X.509 certificates are used to put a verified identity (a domain name) on the receipt, which is required for multi-factor authentication. This requires a third party attesting to the identity. However, verifying the site is the responsibility of a payment provider rather than of a payment technology. Signing the memo with standard S/MIME could provide verification of the site without mixing it into the payment protocol. Using the host key to digitally sign documents is controversial and falls outside the policy of a host certificate. The internet currently lacks an identity solution for this purpose: certificates for signing messages are distributed freely and insecurely, based only on temporarily having an email address within an organization, while host certificates are meant for SSL handshakes. Any CA can issue email-signing certificates for any domain without notifying the owner, a problem that DANE solves. Until then, using host certificates is an unintended use that is cryptographically a nice solution but, legally and in terms of standards, a hack.


Updated on: 2023-06-06T08:44:08.231941+00:00