On Tue, Dec 04, 2001 at 03:32:04PM +0800, Enzo Michelangeli wrote: > Actually, the authentication is not performed by Visa, but by the issuer > (the member bank that has issued the card). Visa only manages a directory > server where the merchant's plugin looks up the first six digits of the card > number (a.k.a. the "issuer BIN") and finds the URL of the "Issuer > Authentication Control Server". The merchant plugin then redirects the > buyer's browser to that server, which in turn authenticates the buyer in any > way it deems fit (normally, a password or PIN). Visa, merchant and acquiring > bank are all out of the authentication loop: the process only involves > issuer and cardholder. > > If the authentication is successful, the Issuer ACS certifies the card > number (basically, signing it) and redirects the browser to the merchant's > plugin, which verifies the issuer's signature (through a Visa-issued root > cert) and proceeds. Only then it the transaction submitted for > authorization.
So if I understand this correctly, if I am running a client, for which there is no plugin, I am screwed? This seems pretty limiting. > Enzo slainte mhath, RGB -- Richard Guy Briggs -- ~\ Auto-Free Ottawa! Canada <www.TriColour.net> -- \@ @ <www.flora.org/afo/> No Internet Wiretapping! -- _\\/\%___\\/\% Vote! -- <Green.ca> <www.FreeSWAN.org>_______GTVS6#790__(*)_______(*)(*)_______<www.Marillion.com> --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]