Error code 402 Payment Required is sent by the server when
appropriate. The header fields associated with this response
indicate acceptable charging schemes. The client can then
retry with a suitable ChargeTo header. This needs to be
supplemented with a suitable authorization scheme.
I am very interested in adapting PEM to suit WWW/HTTP needs
for authentication, privacy (e.g. for credit card details)
and billing. We also should provide means for non-repudiation
of placement and acceptance of orders. RSA have told me that
they are keen to see public key techniques adopted by the
World Wide Web and will waive license fees for non-commercial
i.e. freeware implementations in WWW browsers and servers.
The US export restrictions are not a barrier here, since
source code for public key encryption/decryption is freely
available outside the US at a number of ftp sites. The export
restrictions do prevent you from placing secure browsers on
anonymous ftp sites in the US. This can be circumvented by
using non-US ftp sites for the whole browser or just the
publc key library. There is no law against importing public
key cryptosystems into the US (yet)!
The following is quoted from the EFF:
The US government plans to proceed on every front to make the
Clipper Chip encryption scheme a national standard, and to
discourage the development and sale of alternative powerful
encryption technologies. If the government succeeds in this
effort, the resulting blow to individual freedom and privacy
could be immeasurable.
Lets use the web to defeat Clipper and in the process build a
thriving global market for electronic commerce!