"Anders Rundgren" <[EMAIL PROTECTED]> writes:
> I don't believe in that model anymore. 3D offers so
> much more possibilities for integration in purchasing
> systems which the classic model cannot do. Neither
> can AADS. It is like "federation" for payments.

one of the things that 3D appears to offer is keeping the original real-time, online transaction, adding a second real-time online transaction ... IN ADDITION to throwing in redundant and superfluous PKI operations; the original PKI design point was to provide a trust solution for a relying party typically in an offline environment, where the relying party had no other trust recourse involving the other party (having no prior communication and/or prior relationship)

there have been some threads about having defense in depth. the counter argument to defense-in-depth ... is a lot of the defense-in-depth strategies drastically increase the complexity of the infrastructure ... and frequently, it is complexity itself that opens up vulnerabilities and exploits. the countermeasure to complexity vulnerabilities and exploits frequently is KISS ... where simpler actually wins out over defense-in-depth and more complex. In part, defense-in-depth, while possibly creating overlapping layers ... frequently also creates cracks between such layers that allow the crooks to slip through.

a couple past threads mentioning defense-in-depth
http://www.garlic.com/~lynn/aepay11.htm#0 identity, fingerprint, from comp.risks
http://www.garlic.com/~lynn/2002j.html#40 Beginner question on Security
http://www.garlic.com/~lynn/aadsm19.htm#27 Citibank discloses private information to improve security
http://www.garlic.com/~lynn/2005b.html#45 [Lit.] Buffer overruns

numerous past posts mentioning KISS:
http://www.garlic.com/~lynn/aadsm2.htm#mcomfort Human Nature
http://www.garlic.com/~lynn/aadsm3.htm#kiss1 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss3 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss4 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss5 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss6 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss7 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss8 KISS for PKIX
http://www.garlic.com/~lynn/aadsm3.htm#kiss9 KISS for PKIX .... password/digital signature
http://www.garlic.com/~lynn/aadsm3.htm#kiss10 KISS for PKIX. (authentication/authorization seperation)
http://www.garlic.com/~lynn/aadsm5.htm#liex509 Lie in X.BlaBla...
http://www.garlic.com/~lynn/aadsm7.htm#3dsecure 3D Secure Vulnerabilities?
http://www.garlic.com/~lynn/aadsm8.htm#softpki10 Software for PKI
http://www.garlic.com/~lynn/aepay3.htm#gaping gaping holes in security
http://www.garlic.com/~lynn/aepay7.htm#nonrep3 non-repudiation, was Re: crypto flaw in secure mail standards
http://www.garlic.com/~lynn/aepay7.htm#3dsecure4 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure
http://www.garlic.com/~lynn/aadsm10.htm#boyd AN AGILITY-BASED OODA MODEL FOR THE e-COMMERCE/e-BUSINESS ENTERPRISE
http://www.garlic.com/~lynn/aadsm11.htm#10 Federated Identity Management: Sorting out the possibilities
http://www.garlic.com/~lynn/aadsm11.htm#30 Proposal: A replacement for 3D Secure
http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm13.htm#16 A challenge
http://www.garlic.com/~lynn/aadsm13.htm#20 surrogate/agent addenda (long)
http://www.garlic.com/~lynn/aadsm15.htm#19 Simple SSL/TLS - Some Questions
http://www.garlic.com/~lynn/aadsm15.htm#20 Simple SSL/TLS - Some Questions
http://www.garlic.com/~lynn/aadsm15.htm#21 Simple SSL/TLS - Some Questions
http://www.garlic.com/~lynn/aadsm15.htm#39 FAQ: e-Signatures and Payments
http://www.garlic.com/~lynn/aadsm15.htm#40 FAQ: e-Signatures and Payments
http://www.garlic.com/~lynn/aadsm16.htm#1 FAQ: e-Signatures and Payments
http://www.garlic.com/~lynn/aadsm16.htm#10 Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm16.htm#12 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm17.htm#0 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm17.htm#41 Yahoo releases internet standard draft for using DNS as public key server
http://www.garlic.com/~lynn/aadsm17.htm#60 Using crypto against Phishing, Spoofing and Spamming
http://www.garlic.com/~lynn/aadsmail.htm#comfort AADS & X9.59 performance and algorithm key sizes
http://www.garlic.com/~lynn/aepay10.htm#76 Invisible Ink, E-signatures slow to broadly catch on (addenda)
http://www.garlic.com/~lynn/aepay10.htm#77 Invisible Ink, E-signatures slow to broadly catch on (addenda)
http://www.garlic.com/~lynn/aepay11.htm#73 Account Numbers. Was: Confusing Authentication and Identiification? (addenda)
http://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
http://www.garlic.com/~lynn/2001.html#18 Disk caching and file systems. Disk history...people forget
http://www.garlic.com/~lynn/2001l.html#1 Why is UNIX semi-immune to viral infection?
http://www.garlic.com/~lynn/2001l.html#3 SUNW at $8 good buy?
http://www.garlic.com/~lynn/2002b.html#22 Infiniband's impact was Re: Intel's 64-bit strategy
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002b.html#59 Computer Naming Conventions
http://www.garlic.com/~lynn/2002c.html#15 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002d.html#0 VAX, M68K complex instructions (was Re: Did Intel Bite Off MoreThan It Can Chew?)
http://www.garlic.com/~lynn/2002d.html#1 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2002e.html#26 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002e.html#29 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002k.html#11 Serious vulnerablity in several common SSL implementations?
http://www.garlic.com/~lynn/2002k.html#43 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002k.html#44 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002m.html#20 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#27 Root certificate definition
http://www.garlic.com/~lynn/2002p.html#23 Cost of computing in 1958?
http://www.garlic.com/~lynn/2003b.html#45 hyperblock drift, was filesystem structure (long warning)
http://www.garlic.com/~lynn/2003b.html#46 internal network drift (was filesystem structure)
http://www.garlic.com/~lynn/2003c.html#66 FBA suggestion was Re: "average" DASD Blocksize
http://www.garlic.com/~lynn/2003d.html#14 OT: Attaining Perfection
http://www.garlic.com/~lynn/2003h.html#42 IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs
http://www.garlic.com/~lynn/2003.html#60 MIDAS
http://www.garlic.com/~lynn/2003m.html#33 MAD Programming Language
http://www.garlic.com/~lynn/2003n.html#37 Cray to commercialize Red Storm
http://www.garlic.com/~lynn/2004c.html#26 Moribund TSO/E
http://www.garlic.com/~lynn/2004e.html#26 The attack of the killer mainframes
http://www.garlic.com/~lynn/2004e.html#30 The attack of the killer mainframes
http://www.garlic.com/~lynn/2004f.html#58 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004f.html#60 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004g.html#24 |d|i|g|i|t|a|l| questions
http://www.garlic.com/~lynn/2004h.html#51 New Method for Authenticated Public Key Exchange without Digital Certificates
http://www.garlic.com/~lynn/2004q.html#50 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#10 The Soul of Barb's New Machine
http://www.garlic.com/~lynn/2005.html#12 The Soul of Barb's New Machine
http://www.garlic.com/~lynn/2005c.html#22 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/aadsm19.htm#27 Citibank discloses private information to improve security
http://www.garlic.com/~lynn/2005i.html#19 Improving Authentication on the Internet

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
