This is yet more reason why I propose that you
authorize transactions with public keys and not with
the use of identity information.
Dan Kaminsky [EMAIL PROTECTED]
It's 2005, PKI doesn't work, the horse is dead.
The PKI that was designed to serve no very useful
function other
On Thursday 14 July 2005 15:45, Aram Perez wrote:
<RANT-PET_PEEVE> Why do cryptography folks equate PKI with
certificates and CAs?
Because it's the major example of what most would
agree is PKI, I'd guess. When we talked to people
in the certs and CAs world, they call it PKI. They
refer to
| Date: Wed, 13 Jul 2005 16:08:20 -0400
| From: John Denker [EMAIL PROTECTED]
| To: Perry E. Metzger [EMAIL PROTECTED]
| Cc: cryptography@metzdowd.com
| Subject: Re: ID theft -- so what?
| ...
| Scenario: I'm shopping online. Using browser window #1, I
| have found a merchant who sells what I
- Original Message -
From: Victor Duchovni [EMAIL PROTECTED]
Subject: Re: EMV [was: Re: Why Blockbuster looks at your ID.]
Whose losses do these numbers measure?
- Issuer Bank?
- Merchant?
- Consumer?
- Total?
I'd say that you've fairly well hit the nail on the head. I've
If you had two products ... both effectively performing the same
function, one you already had deployed, which was significantly cheaper,
significantly simpler, and significantly faster, which one would you choose?
I was told that one of the reasons SSL took off was because Visa and/or MC
told
On Jul 14, 2005, at 8:13 PM, Rich Salz wrote:
If you had two products ... both effectively performing the same
function, one you already had deployed, which was significantly
cheaper,
significantly simpler, and significantly faster, which one would
you choose?
I was told that one of the
Rich Salz wrote:
I was told that one of the reasons SSL took off was because Visa and/or MC
told merchants they would for the time being treat SSL as card-present,
in terms of fraud penalties, etc. If this is true (anyone here verify?
My source is on the list if s/he wants to name themselves),
Ian Brown [EMAIL PROTECTED] writes:
Steven M. Bellovin wrote:
Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have for more than a decade, maybe even two.
One New York bank -- long since absorbed into some megabank -- did the
same thing about 30 years ago.
Perry E. Metzger wrote:
Ben Laurie [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
Anonymity is a concern to me, too, but I suspect that it is hard to
get anonymity in a credit card transaction using current means, even
if the merchant isn't online. Pseudonymity, perhaps.
Can we not aim
Peter Gutmann wrote:
Perry E. Metzger [EMAIL PROTECTED] writes:
Why is it, then, that banks are not taking digital photographs of customers
when they open their accounts so that the manager's computer can pop up a
picture for him, which the bank has had in possession the entire time and
which
a harder problem for early stage web merchants was getting a merchant
financial institution the merchant financial institution that
sponsors a merchant for payment transactions ... takes financial
responsibility for that merchant.
the standard procedure was to send somebody out to the retail
Well, the acceptable risk concept that appears in these two
threads has been for a long time a euphemism for that business
model that shifts the burden of fraud to the customer.
The dirty little secret of the credit card industry is that they
are very happy with 10% of credit card fraud, over
On 7/14/05, Anne Lynn Wheeler [EMAIL PROTECTED] wrote:
remember what Verisign was called before it was renamed Verisign?
Digital Certificates International, Inc.
Did you consult for First Data Corp. at the time?
Aram Perez wrote:
One other point, SET did NOT require certs for the consumers. The
client-merchant protocol supported clients without certs.
there was a later set-lite w/o certs for clients ... but the original
specification had client certs as part of the core process.
note that the SET
Ram A Moskovitz wrote:
Did you consult for First Data Corp. at the time?
some reference:
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
little later, we got to review chaum and brand stuff. brand had done a
take-off on chaum's stuff so that if somebody
15 matches