* Anne & Lynn Wheeler: > In the mid-90s, financial institutions looking at the internet for > online, commercial banking and cash management (i.e. business > equivalent to consumer online banking) were extremely conflicted > ... they frequently were almost insisting on their own appliance at > the business (and low-end of SOHO at least overlaps high-end > of consumer online banking).
Well, in 1994, German Postbank already had 300,000 online banking customers. (To put this into perspective, there are somewhere around 3 million online customers today, and this was well before the Internet took off in Germany.) On top of that, there were other forms of digital banking that were mainly used by business customers, such as transactions submitted on floppy disks. > Various of the PC-based dedicated financial applications go to > quite some lengths to compensate for kind of vulnerabilities > typically associated with browser activity. For instance, > instead of relying on a trusted third party to certify that > some remote location really has a valid digital certificate, > they have a trusted repository of valid financial institutions. Oh really? In Germany, early digital banking had no cryptographic protection at all. Integrity and confidentiality were inherited from the underlying phone system. There were no end-to-end digital signatures. Nothing. Just a one-time password for each transaction, but the password was not tied to the transaction in any way. > This has the added benefit of eliminating the horribly complex > and vulnerable PKI-type of operation Except that there aren't any attacks on the browser PKI. That's part of the reason why the certificate prices plummeted. 8-/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]