End of the line for Ireland's dotcom star
http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html Guardian | End of the line for Ireland's dotcom star Software firm saw boom and bust; now the core business is sold Geoff Gibbs Tuesday September 23, 2003 The Guardian Baltimore Technologies, the Irish software concern whose spectacular rise and fall epitomised the boom and bust of the dotcom era, reduced itself to little more than a cash shell yesterday by selling off the core business on which its fortunes were founded. The internet security company, which failed to find a buyer after putting itself up for sale this year, said it was selling its loss-making public key infrastructure, or PKI, operation to the American-controlled business beTRUSTed for £5m. PKI is used to make e-business secure and was the core technology behind Baltimore's heady but brief elevation to the ranks of FTSE 100 corporations before the dotcom bubble burst two years ago. At the height of its fortunes the Dublin company was valued at more than £5bn and employed about 1,500 people. The PKI sell-off marks the completion of a controlled programme of asset sales that has raised almost £21m over the past couple of months and will leave Baltimore with only a handful of employees in its head office and legacy technology support functions. It is the end of the story of Baltimore as a software company. This is the final paragraph of the final chapter, chief executive Bijan Khezri acknowledged yesterday. Mr Khezri, who left Baltimore in 2000 and returned the following year to oversee its restructuring, said shareholders would have the opportunity to vote on what course the company should take by the end of this year - possibly at an extraordinary meeting to approve the PKI sale in November. Options included returning cash to shareholders, allowing another business to reverse into the company, or making an acquisition. This transaction is our last significant asset disposal and will deliver on our commitment to eradicate operational cash burn and maximise shareholder value, he told shareholders. Baltimore shares fell 4.5p to 36.5p on news of the sale - a far cry from the £13.50 peak scaled in March 2000. The PKI business - which includes hundreds of customers in the government, telecommunications and financial markets - generated revenues of £19.3m in the year to last December but ran up losses of £11.1m before interest and tax. Mr Khezri said the need for scale in the global infrastructure software market made the PKI disposal an obvious move. The long term competitiveness of the PKI business requires critical mass, and beTRUSTed has emerged as an excellent partner to take our PKI technology and customer base to its next level. Up to 80 of the PKI's 180 employees are expected to transfer with the business to its new owners. A few more will be retained by Baltimore but the company warned that about 60 staff face redundancy. The new owner, beTRUSTed, said more than three quarters of its clients had made significant investments in Baltimore's PKI technology, which it had implemented and operated for many years. We believe beTRUSTed's ownership will provide the necessary stability and support for existing and prospective clients to build and deploy critical business applications that leverage Baltimore's technology, said the company's chief executive, John Garvey. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: End of the line for Ireland's dotcom star
At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote: http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html so ignore for the moment the little indiscretion http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At least I hope it's new) http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At least I hope it's new) and the part of turning a simple authentication problem into a significantly harder and error prone (along with exploits and vulnerabilities ... not to say expensive) problem: http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security took the wrong branch? http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security took the wrong branch? http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a meaning there has been the some past discussions of what happens to long term CA private key management over an extended period of time, possibly involving several corporate identities. Checking latest release browsers ... I find two CA certificates for GTE cybertrust ... one issued in 1996 and good for 10 years and another issued in 1998 and good for 20 years. so lets say as part of some audit ... is it still possible to show that there has been long term, continuous, non-stop, highest security custodial care of the GTE cybertrust CA private keys. If there hasn't ... would anybody even know? ... and is there any institutional memory as to who might be responsible for issuing a revokation for the keys? or responsible for notifying anybody that the certificates no longer need be included in future browsers? -- Anne Lynn Wheelerhttp://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: End of the line for Ireland's dotcom star
hi ( 03.09.23 13:45 -0600 ) Anne Lynn Wheeler: is it still possible to show that there has been long term, continuous, non-stop, highest security custodial care of the GTE cybertrust CA private keys. If there hasn't ... would anybody even know? i worked at cybertrust/baltimore up until about 3 years ago [like rats leaving a sinking ship ...].and, as you might imagine i have no idea what's going on with those keys. there was a big institutional fight over how much money to spend on putting those keys in the browsers, now pretty much meaningless. the keys were always well watched, at least while i was there. i had to work in that room a few times, and i was watched then too. the guy who ran the facility [like a tight ship] left shortly after i did, so i have even less faith in the integrity of those certs now than i would have otherwise because his replacement probably couldn't even tell you what TCP stands for. but as you imply, all bets are off now. -- \js - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: End of the line for Ireland's dotcom star
Lynn and John Saylior have raised an important point. Who at Baltimore, or was once there, is likely to be able to account for the security of the certs for customers who still rely upon them? Not somebody to spin a fairy tale, but to truthfully explain what Baltimore has done to avoid betraying the trust of its customers, or handing that trust over to others who may not have Baltimore's scruples or be bound by its promises. Not that Baltimore's investors would give a hoot, but customers might want to know who to challenge about their private, once secure, data. This matter is important for it is a bellweather of what's to come with failure of other trusted parties or who or bought by less scrupulous if more financially endowed than always absolutely trustworthy crypto corporations. The recent stink about betrayal of customer data with JetBlue, Acxiom and eBay is timely. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: End of the line for Ireland's dotcom star
At 12:45 PM -0700 9/23/03, Anne Lynn Wheeler wrote: At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote: http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html so ignore for the moment the little indiscretion http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At least I hope it's new) http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At least I hope it's new) and the part of turning a simple authentication problem into a significantly harder and error prone (along with exploits and vulnerabilities ... not to say expensive) problem: http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security took the wrong branch? http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security took the wrong branch? http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a meaning there has been the some past discussions of what happens to long term CA private key management over an extended period of time, possibly involving several corporate identities. Checking latest release browsers ... I find two CA certificates for GTE cybertrust ... one issued in 1996 and good for 10 years and another issued in 1998 and good for 20 years. so lets say as part of some audit ... is it still possible to show that there has been long term, continuous, non-stop, highest security custodial care of the GTE cybertrust CA private keys. If there hasn't ... would anybody even know? ... and is there any institutional memory as to who might be responsible for issuing a revokation for the keys? or responsible for notifying anybody that the certificates no longer need be included in future browsers? -- Anne Lynn Wheelerhttp://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm Note that proposals such as Tyler Close's YURL http://www.waterken.com/dev/YURL/ avoid the issue of trust in the TTP/CA. As such, I find them attractive whenever they can be used. Cheers - Bill - Bill Frantz| There's nothing so clear as | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Peppercoin Raises $4 Million in First Round Funding, Appoints CEO
Rivest and Micali's microcheque protocol gets a ducat-download. Next stop an IPO -- and then an eBay buyout... ;-). Cheers, RAH --- http://www.econtentmag.com/Articles/ArticlePrint.aspx?ArticleID=5506 EContentmag.com Peppercoin Raises $4 Million in First Round Funding, Appoints CEO Posted Sep 23, 2003 http://www.econtentmag.com/?ArticleID=5506 All Content Copyright ' 1998-2003 EContentmag.com - All Rights Reserved Peppercoin, Inc. a micro-payment services company that enables online merchants to sell low-priced digital goods, has raised $4 million in a Series A round of financing from POD Holding and private investors. The funding brings the total raised to date to $5.7 million, which includes a seed round from private investors that was announced February this year. Peppercoin has also announced the appointment of CEO, Robert Kiburz, formerly VP and General Manager of the Billing and Customer Care unit at Lucent Technologies. New appointments to the Peppercoin Board of Directors include Johan Pontin and Peter S. Lawrence, managing director, both respectively of POD Holding. Pontin is the founder of POD Holding, a private equity partnership with offices in Stockholm, Sweden and Boston, Mass. They join Peppercoin CEO Robert Kiburz and its two founders, Professors Ronald L. Rivest and Silvio Micali, co-founders of the Cryptography and Information Security Group at the Massachusetts Institute of Technology's Laboratory for Computer Science. Rivest is also a founder of RSA Security and VeriSign. The Peppercoin Payment Service is designed to allow music companies, online game providers, newspaper and magazine publishers, and other digital content providers to sell low-priced online content profitably. Newspapers, magazines and other publishers will be able to add news stand pricing for single-issue or article access, while game sites will be able to add pay-per-play pricing to their subscription models. (http://www.peppercoin.com ), ( http://www.podholding.com ) -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: End of the line for Ireland's dotcom star
John Young [EMAIL PROTECTED] writes: Who at Baltimore, or was once there, is likely to be able to account for the security of the certs for customers who still rely upon them? Not somebody to spin a fairy tale, but to truthfully explain what Baltimore has done to avoid betraying the trust of its customers, or handing that trust over to others who may not have Baltimore's scruples or be bound by its promises. Is it really that big a deal though? You're only ever as secure as the *least secure* of the 100+ CAs automatically trusted by MSIE/CryptoAPI and Mozilla, and I suspect that a number of those (ones with 512-bit keys or moribund web sites indicating that the owner has disappeared) are much more of a risk than the GTE/Baltimore/beTRUSTed/whoever-will-follow-them succession. The real lesson of this, I think, is the observation that The company would have done better to concentrate on making its core PKI technology easier to deploy, which applies to most other PKI vendors and products as well. Baltimore had the bizarre business strategy of using revenue from its PKI products as a means of driving/funding work in its other product branches, which is a bit like a drowning man going for a boat anchor as his most likely flotation device. Peter (curently flooded with Linux VPN mail, please be patient). - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Peppercoin Raises $4 Million in First Round Funding, Appoints CEO
--- begin forwarded text Status: U Date: Tue, 23 Sep 2003 16:32:22 -0500 To: R. A. Hettinga [EMAIL PROTECTED] From: Adam L Beberg [EMAIL PROTECTED] Cc: FoRK [EMAIL PROTECTED] Subject: Re: Peppercoin Raises $4 Million in First Round Funding, Appoints CEO List-Id: Friends of Rohit Khare fork.xent.com List-Archive: http://lair.xent.com/pipermail/fork List-Post: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Subscribe: http://xent.com/mailman/listinfo/fork, mailto:[EMAIL PROTECTED] Sender: [EMAIL PROTECTED] On Tuesday, September 23, 2003, at 03:45 PM, R. A. Hettinga wrote: Rivest and Micali's microcheque protocol gets a ducat-download. Next stop an IPO -- and then an eBay buyout... ;-). Hahaha... about 7 percent per transaction - NOT mentioned on the website anywhere, I had to look in a Wired article - we call that an F*** the merchant rate folks, even AMEX isn't that high. Windows only. Interface software is NOT open source. Oh, and they are used by 6 merchants. VISA is soo scared, . However, POD Holding is obviously a good source of sucker money, send in those business plans folks :) - Adam L. Beberg - [EMAIL PROTECTED] http://www.mithral.com/~beberg/ ___ FoRK mailing list http://xent.com/mailman/listinfo/fork --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: [Mac_crypto] Re: Peppercoin Raises $4 Million in First Round Funding, Appoints CEO
On Wednesday, Sep 24, 2003, at 02:18 Europe/London, Adam L Beberg wrote: Rivest and Micali's microcheque protocol gets a ducat-download. Next stop an IPO -- and then an eBay buyout... ;-). Hahaha... about 7 percent per transaction - NOT mentioned on the website anywhere, I had to look in a Wired article - we call that an F*** the merchant rate folks, even AMEX isn't that high. I think you'll find that when the transaction value is small the merchant rates from all the credit card companies are substantially higher than that. It's common for the marginal merchant rate to be on the order of 2-4% for online transactions but there is usually a base charge of 25 cents or more as well as the marginal rate. On a $2 charge for a song the merchant could well be paying more than 30 cents in fees, which is more than double the rate for Peppercoin. Windows only. Interface software is NOT open source. This is a severe limitation if you're trying to sell to people on this mailing list but it covers a large fraction of the market by value. I would expect to see a Mac client too soon, thereby covering more than 99% by value of their target market. I doubt you'll see open source interface software and I doubt that their market will care. Oh, and they are used by 6 merchants. VISA is soo scared, . To push a technology like this into even 6 merchants before you've got proper funding for your company is not bad. That said, I have no doubt that they will ever scare Visa and I have no doubt they they never intended to. Nicko - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Peppercoin fee structure...
--- begin forwarded text Status: U Date: Tue, 23 Sep 2003 22:51:37 -0400 To: R. A. Hettinga [EMAIL PROTECTED] From: Ronald L. Rivest [EMAIL PROTECTED] Subject: Peppercoin fee structure... Cc: Adam L Beberg [EMAIL PROTECTED] Hi Bob -- You forwarded a posting from some Adam L Beberg regarding Peppercoin that needs correction. Adam compares the percentage fee charged by Peppercoin (e.g. 7-8 percent) against what the credit card companies charge (e.g. 2-5 percent), and makes some childish and rude comments about Peppercoin in conclusion. What Adam failed to understand is that Peppercoin charges no fixed fee whatsoever per transaction, whereas credit card companies typically charge 25 cents or so per transaction. Thus, for a nickel micropayment, Peppercoin charges 0.35 cents, while Adam's favorite credit card company charges 25 cents or more to process the transaction. The credit card company is charging, in effect, a fee of 400 percent (that's FOUR HUNDRED PERCENT), compared to Peppercoin's 7 percent. Adam, your apology is accepted. Cheers, Ron Rivest Ronald L. Rivest Room 324, 200 Technology Square, Cambridge MA 02139 Tel 617-253-5880, Fax 617-258-9738, Email [EMAIL PROTECTED] --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]