In message [EMAIL PROTECTED], R.A. Hettinga writes:
At 12:26 PM -0400 7/13/05, Perry E. Metzger wrote:
Why do banks not collect simple biometric information like photographs
of their customers yet?
Some do.
Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have
On Wednesday 13 July 2005 18:29, Mike Owen wrote:
Back in 2000, I opened an account with BofA, and they took a photo of
me, and added it to my debit/check card. Around that same time,
American Express was doing the same with their Costco branded cards.
I'm sure others are doing it, those are
On Wednesday 13 July 2005 23:31, Dan Kaminsky wrote:
This is yet more reason why I propose that you authorize transactions
with public keys and not with the use of identity information. The
identity information is widely available and passes through too many
hands to be considered secret in
I think that by eliminating the need for a merchant to learn
information about your identity I have aimed higher. Given that we're
talking about credit instruments,
Wasn't that a goal of SET?
/r$
--
Rich Salz Chief Security Architect
DataPower Technology
Perry E. Metzger [EMAIL PROTECTED] writes:
Why is it, then, that banks are not taking digital photographs of customers
when they open their accounts so that the manager's computer can pop up a
picture for him, which the bank has had in possession the entire time and
which I could not have forged?
when we were called into help word-smith the cal. state and later the
fed. electronic signature law ... a lot of effort went into making the
wording technology agnostic as well as trying to avoid confusing
authentication and identification.
We've been discussing those very same topics within
On Wed, Jul 13, 2005 at 12:26:52PM -0400, Perry E. Metzger wrote:
A quick question to anyone who might be in the banking industry.
Why do banks not collect simple biometric information like photographs
of their customers yet?
Some, like Citibank do. I have a photo on my VISA from them, but
[EMAIL PROTECTED] (Peter Gutmann) writes:
Perry E. Metzger [EMAIL PROTECTED] writes:
Why is it, then, that banks are not taking digital photographs of customers
when they open their accounts so that the manager's computer can pop up a
picture for him, which the bank has had in possession the
Ian Grigg [EMAIL PROTECTED] writes:
It's 2005, PKI doesn't work, the horse is dead.
He's not proposing PKI, but nymous accounts. The
account is the asset, the key is the owner;
Actually, I wasn't proposing that. I was just proposing that a private
key be the authenticator for payment card
Rich Salz [EMAIL PROTECTED] writes:
I think that by eliminating the need for a merchant to learn
information about your identity I have aimed higher. Given that we're
talking about credit instruments,
Wasn't that a goal of SET?
Some of it was, yah. I don't claim that any of this is
Jörn Schmidt [EMAIL PROTECTED] writes:
The answer to this dilemma? I'm afraid this time it really is
legislation. Frankly, I'm not even sure if that would work but, at this
time, it's our best shot. Congress won't do anything about this unless
a few representatives have their identities
Steven M. Bellovin wrote:
Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have for more than a decade, maybe even two.
One New York bank -- long since absorbed into some megabank -- did the
same thing about 30 years ago. They gave up -- it was expensive
AFAIK, the cards are still the same (Sony FeliCa:
http://www.sony.net/Products/felica/): I never changed mine since I got it
several years ago. The same card was also adopted in 2002 by EZ-Link in
Singapore (http://www.ezlink.com.sg ).
Enzo
- Original Message -
From: Anne Lynn Wheeler
On Wed, 13 Jul 2005, Perry E. Metzger wrote:
Why is it, then, that banks are not taking digital photographs of
customers when they open their accounts so that the manager's computer
can pop up a picture for him, which the bank has had in possession the
entire time and which I could not have
Rich Salz wrote:
Wasn't that a goal of SET?
there was an observation that SET possibly wouldn't divulge your account
number until the merchant had been determined to be some entity
registered as a merchant (akin to the SSL domain name infrastructure
certificates ... if a spoofed site didn't use
(Dan, in answer to your question on certs, below.)
On Thursday 14 July 2005 14:19, Perry E. Metzger wrote:
Ian Grigg [EMAIL PROTECTED] writes:
It's 2005, PKI doesn't work, the horse is dead.
He's not proposing PKI, but nymous accounts. The
account is the asset, the key is the owner;
RANT-PET_PEEVEWhy do cryptography folks equate PKI with
certificates and CAs? This fallacy is a major root cause of the
problem IHO. Why was the term PKI invented in the late 70s/early
80s (Kohnfelder's thesis?)?. Before the invention of asymmetric
cryptography, didn't those people who
On Jul 14, 2005, at 6:23 AM, Perry E. Metzger wrote:
Rich Salz [EMAIL PROTECTED] writes:
I think that by eliminating the need for a merchant to learn
information about your identity I have aimed higher. Given that
we're
talking about credit instruments,
Wasn't that a goal of SET?
Some
Pat Farrell wrote:
On Wed, 2005-07-13 at 23:43 -0400, Rich Salz wrote:
I think that by eliminating the need for a merchant to learn
information about your identity ...
Wasn't that a goal of SET?
As I recall, the goal of SET was to have a standard
that was not invented by CyberCash. (I may
From: Aram Perez [EMAIL PROTECTED]
Sent: Jul 14, 2005 10:45 AM
To: Cryptography cryptography@metzdowd.com
Subject: Re: ID theft -- so what?
RANT-PET_PEEVEWhy do cryptography folks equate PKI with
certificates and CAs?
One nontrivial reason is that many organizations have spent
a lot of time and
Ian Grigg [EMAIL PROTECTED] writes:
This is not a new realization -- this goes back a long way.
OK, so maybe this part is the new realisation:
No, it isn't a new realization either, Ian. We all knew from nearly
the start that the model we were using in browsers was wrong. I don't
know anyone
Aram Perez wrote:
While the SET protocol was complicated, it's failure had nothing to do
with that fact or the lack of USB on PCs. You could buy libraries that
implemented the protocol and the protocol did not require USB. IMO, the
failure had to do with time-to-market factors. In the late
Pat Farrell wrote:
As others have said, and in the spirit of the subject
of this thread, SET failed for many reasons, many
of them economic. There was little effort made
to bribe the merchants, I think there was talk of
a 26 basis point change in the discount rate,
which the banks thought
Forwarded at Lucky's request:
Date: Thu, 14 Jul 2005 18:28:40 +0200
From: Lucky Green [EMAIL PROTECTED]
Subject: Blind Signature Patent Expiration Party this Saturday
Friends, colleagues, and co-conspirators,
It has been 17 long years and now the time is finally here to celebrate at
the:
--- Dan Kaminsky [EMAIL PROTECTED] wrote:
Bank Of America put my photo on my ATM card back in '97. They're
shipping me a new one right now, so I assume they kept it in the DB.
My local bank asked me apply for a Visa photo credit card back in 1998.
There were two problems though:
1.) Their
25 matches
Mail list logo