----- Original Message -----
From: "Richard Guy Briggs" <[EMAIL PROTECTED]>
To: "Enzo Michelangeli" <[EMAIL PROTECTED]>
Cc: "John R. Levine" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, December 04, 2001 6:18 PM
Subject: Re: VISA: All Your Password Are Belong to Us

[...]
> So if I understand this correctly, if I am running a client, for which
> there is no plugin, I am screwed? This seems pretty limiting.

The plugin is a piece of software that runs on the merchant server, not on the client (buyer's browser). Of course, this represents a pain in the neck for the merchants, as they'll have to buy and install such a plugin... Unless, of course, the payment protocol is designed in such a way that the card number is passed directly by the buyer's browser to a payment gateway managed by the acquirer or a third-party processor: in that case a single plugin will be shared among many merchants. That would be a good_thing anyway to reduce the risk of theft of card numbers from misconfigured or ill-protected merchant servers, but I suspect that the software vendors selling plugins won't like it much ;-)

Enzo

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
