On Thu, 2005-07-14 at 18:43 +0200, Amir Herzberg wrote: > Pat Farrell wrote: > > > > As I recall, the goal of SET was to have a standard > > that was not invented by CyberCash. (I may be biased, I > > worked at CyberCash at the time).
> This is incorrect. The main politics around SET was the artificial > `merger` of iKP (from IBM & Mastercard) and STT (from Visa and MS). As > far as I remember, CyberCash were involved but choose not to. They also > did not disclose their protocol like the other proposals. I may be wrong > about the CyberCash role, CyberCash protocols were defined in RFCs. The RFCs are probably still out there, altho no longer in use. The other two protocols were defensive against CyberCash and it looked like there would be three non-interoperative protocol suites. The invention of SET was a marriage of convience. CyberCash had 15000 merchants, it isn't important now, but I'd love to know the number of non-pilot SET merchants in the wild. I was the project manager for CyberCash's project implement SET as a joint venture with Netscape, Toshiba and Visa. And I wrote the crypto code. At one of the early SET committee meetings, someone from CyberCash proposed that SET simply use the RFC'd protocols. I expect that the offer was not made with proper political tact. As others have said, and in the spirit of the subject of this thread, SET failed for many reasons, many of them economic. There was little effort made to bribe the merchants, I think there was talk of a 26 basis point change in the discount rate, which the banks thought was huge and the merchants thought was noise. What really killed it was the billions it would have cost all the banks to issue and manage all the certificates. The crypto in SET was fine. The use of certificates was excessive but in line with PKI thinking of the time. The problem was that it was a very expensive sledge hammer to kill a flea. In retrospect, there was over reliance on crypto and confusion of identity and authentication contributed, but others were making the same mistake. We just have to be smarter now, nearly a decade later. Crypto has to solve business problems that masses of real people have. -- Pat Farrell http://www.pfarrell.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]