Re: Beware of /dev/random on Mac OS X

2003-09-02 Thread Michael Shields
In message [EMAIL PROTECTED],
Peter Hendrickson [EMAIL PROTECTED] wrote:
 Apple apparently only accepts bug reports from members of the Apple
 Developers Connection.  If any such members are on this list, it
 might be a good idea to submit a report:
 https://bugreport.apple.com/cgi-bin/WebObjects/RadarWeb.woa

Membership in ADC is available in both free and paid versions.  You
can set up an account for the free version at:
http://connect.apple.com/
-- 
Shields.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Hijacking .NET

2003-09-02 Thread Steve Schear


In the .NET Framework, it's possible to access a private member of any 
class -- your own, another developer's, or even the classes in the .NET 
Framework itself! Appleman demonstrates this with a great example that uses 
private members to get the list of groups that the current user is a member 
of -- in a single line of code -- by accessing a private member that is not 
exposed by the .NET Framework.

http://books.slashdot.org/article.pl?sid=03/05/20/1640225&mode=nested



Re: invoicing with PKI

2003-09-02 Thread Ian Grigg
(Things seem quiet on the crypto front, here's a late reply.)

Hadmut Danisch wrote:
 
 Hi,
 
 On Thu, Jul 17, 2003 at 04:27:52PM -0400, Ian Grigg wrote:
  Does anyone know any instances of invoicing and
  contracting systems that use PKI and digital orders?
 
  That is, purchasing departments and selling departments
  communicating with digitally signed contracts, purchase
  orders, delivery confirmations and so forth.
 
  And, the normal skeptical followup question, do they
  work, in the sense of delivering ROI, or are they just
  hopeful trials?
 
 
 Beyond invoicing/contracting, which applications of PKI
 in e-business or related areas are there anyway?

The dream of PKI seems to revolve around these major areas:

  1.  invoicing, contracting - no known instances
  2.  authentication and authorisation - SSL client
  side certs deployed within organisations.
  3.  payments
  4.  channel security (SSL)
  5.  email (OpenPGP, S/MIME)

In terms of actual deployed PKIs, the only significant
cases that I know of, deployed outside of organisations
and in widespread use are:

   HTTPS (141k, see below), and
   OpenPGP (millions says PGP Inc, so let's call it 100k or so).

I suspect the widest use of public key crypto in a
non-PKI context would be SSH, which opportunistically
generates keys rather than invite the user to fund
a PKI.  According to this page [1], there may or may
not be 2,400k SSH servers, but it's unclear whether
that is the sample size or the sites found.

 (except
 for the standard tools SSL, X.509,...)

(Right, tools, not applications.)

 Is there a survey of where in e-business cryptography
 is actually being used between customers and providers?

There are specific things like www.securityspace.com and
www.netcraft.com (costs money for what securityspace gives
for free).  Of these, start at [2].

(Which shows the penetration of SSL in websites has risen
from about 1% to 1.2% since the beginning of the year.
Although, there are now new figures on there that show
that only 31% of the 141k found are valid / self-signed
certs.)

In terms of other uses of PKI, outside HTTPS, I don't
know any regular surveys.  I imagine it would be too
depressing to conduct more than once :)

 How many shops do use SET for payment?

Is SET still alive?  Available?  The crypto-based payments
field appears to be quiet at the moment (e.g., payments
that are not done over HTTPS).

About the only thing that I know of (other than own stuff)
is peppercoin which seems to be a DRM micropayments play.
Poking around on the website, it appears to be a crypto
download microtoken billing method, that is aggregated
onto credit cards or bank accounts [3].  IOW, a grab bag
of payments techniques that appears blithely ignorant of
the last decade in digital payments.

iang

[1] http://www.openssh.com/usage/ssh-stats.html

[2] http://www.securityspace.com/s_survey/sdata/200308/domain.html
[3] http://www.peppercoin.com/General/FAQAnswerPage.ppp?keyID=helpfaq/faqs/AboutPeppercoin&topicIndex=16



Re: invoicing with PKI

2003-09-02 Thread Hadmut Danisch
On Mon, Sep 01, 2003 at 12:23:28PM -0400, Ian Grigg wrote:

 The dream of PKI seems to revolve around these major areas:
 
   1.  invoicing, contracting - no known instances
   2.  authentication and authorisation - SSL client
   side certs deployed within organisations.
   3.  payments
   4.  channel security (SSL)
   5.  email (OpenPGP, S/MIME)
 
 In terms of actual deployed PKIs, the only significant
 cases that I know of, deployed outside of organisations
 and in widespread use are:
 
HTTPS (141k, see below), and
OpenPGP (millions says PGP Inc, so let's call it 100k or so).
 


The reason I was asking is: I had a dispute with someone who
claimed that cryptography is by far the most important discipline
of information and communication security, and that its transition
from an art to a science was triggered by Shannon's paper in 1949
and the Diffie/Hellman paper in 1976 (discovery of public key
systems).

Reality is different: While Firewalls, Content Filters (Virus/Spam/
Porn filters), IDS, High availability systems, etc. become more and
more important, encryption and signatures, especially based on PKIs, 
don't seem to get more relevant (except for HTTPS/TLS).

There was an interesting speech held on the Usenix conference 
by Eric Rescorla (http://www.rtfm.com/TooSecure-usenix.pdf, 
unfortunately I did not have the time to visit the conference)
about cryptographic (real world) protocols and why they failed
to improve security. From the logfiles I've visited I'd estimate
that more than 97% of SMTP relays do not use TLS at all, not
even the opportunistic mode without PKI.

I actually know many companies who can live pretty well and securely
without cryptography, but not without a firewall and content filters.
But many people still insist on the claim that cryptography is by far
the most important and only scientific form of network security.

<provocation>
Is cryptography where security took the wrong branch?
</provocation>

regards
Hadmut



U.S. seeks OSCE pact on biometric passports

2003-09-02 Thread R. A. Hettinga
http://dynamic.washtimes.com/print_story.cfm?StoryID=20030901-124025-4029r

The Washington Times 
www.washingtontimes.com 

U.S. seeks OSCE pact on biometric passports 
By Nicholas Kralev 
Published September 1, 2003 


VIENNA, Austria - The United States, seeking to keep out terrorists and other 
criminals, this week begins a major diplomatic effort to persuade 54 nations to adopt 
biometric standards when issuing passports to their citizens. 

Those standards, regulated by the International Civil Aviation Organization, 
require every passport to have a machine-readable chip containing the owner's digital 
photo, which is protected by a digital signature. 

The Bush administration, hoping to minimize the complexity of negotiating separate 
bilateral agreements with all countries in the world, plans to start with a 
multilateral accord among the 55 members of the Organization for Security and 
Cooperation in Europe (OSCE), U.S. diplomats said. 

"It's a significant logistical job," Stephen M. Menekes, the U.S. ambassador to 
the Vienna, Austria-based organization, said in an interview. "But it's here, all in 
place, ready to be used." 

Mr. Menekes said J. Cofer Black, the State Department's coordinator for 
counterterrorism, had the idea when he attended an OSCE conference in June, and he 
"walked out of here convinced that this was the way to go." 

U.S. diplomats say they hope to sign an agreement at the Dec. 1-2 annual OSCE 
ministerial meeting in the Dutch city of Maastricht, which would give the event a 
sufficiently high profile to guarantee the presence of Secretary of State Colin L. 
Powell. Mr. Powell skipped the meeting last year because of more pressing 
responsibilities. 

"What we are hopeful is to get a decision at the ministerial that all states will 
commit to at least begin issuing passports with biometric data by December 2005," said 
Katherine Brucker, a political officer at the U.S. mission to the OSCE. 

She noted that 21 of the OSCE members - most of them European Union states - are 
on the Visa Waiver program, which allows their citizens to enter the United States for 
short periods without first obtaining a visa at an American consulate overseas. 

"They will be obligated to start issuing biometric passports by Oct. 26, 2004, if 
they want to stay in the program," she said. "They already said it's moving in this 
direction." 

In a paper to its fellow OSCE members outlining its proposal, the United States 
said that restricting the movement of terrorists and organized criminals is 
"imperative in the global fight against terror." 

"The ability of criminals to forge travel documents - or to falsely obtain genuine 
ones - remains a serious and ongoing problem," says the document, a copy of which was 
given to The Washington Times. 

"Harmonized travel document security measures and features among OSCE 
participating states would greatly enhance security throughout our region. More 
effective and harmonized issuance standards and controls, combined with 
bearer-specific security features, would greatly inhibit the movement of terrorists," 
it says. 

The Bush administration has been repeatedly accused abroad - particularly in 
Europe - of pursuing a unilateral foreign policy and bullying other nations into 
submitting to its wishes. 

But Miss Brucker said the administration is trying to identify ways a large 
multinational organization can actually do something useful in the war on terror, "as 
in the case of OSCE." 

"We've actually been quite successful," she said. "The OSCE operates on consensus, 
and its decisions are only politically - not legally - binding, but countries do take 
them seriously." 

Soon after the September 11 attacks in 2001, the OSCE pledged to prevent "the 
movement of terrorist individuals or groups through effective border controls and 
controls on issuance of identity papers and travel documents, as well as through 
measures for ensuring the security of identity papers and travel documents and 
preventing their counterfeiting, forgery or fraudulent use." 
 



Copyright © 2003 News World Communications, Inc. All rights reserved. 

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: PRNG design document?

2003-09-02 Thread Thor Lancelot Simon
On Tue, Sep 02, 2003 at 12:10:23PM -0400, Anton Stiglic wrote:
 
 Right.  So I don't actually have the original ANSI X9.17 document (and it is
 no longer available in the ANSI X9 catalogue).  My references are
 HAC section 5.3.1
 http://www.cacr.math.uwaterloo.ca/hac/about/chap5.pdf
 and Kelsey, Schneier, Wagner and Hall's paper
 http://www.counterpane.com/pseudorandom_number.pdf
 
 In both of the above references, ANSI X9.17 PRNG is described as taking
 a 64-bit seed s along with a DES E-D-E encryption key k.
 The encrypted time is XORed with the seed and this result is encrypted to
 obtain the output, the seed is updated by encrypting the last output XORed
 with the encrypted time.
 So there is possibility of re-keying (the key that is used for the
 encryption),
 and re-seeding (explicitly, not relying on the self-re-seeding...).
 
 It is important to choose both a random seed and random key, and FIPS 140
 has no provision for this.

Well, it certainly doesn't forbid it; again, a simple approach is to treat
the seed as part of the key material and replace it when sufficient entropy
is available from hardware sources.


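The X9.17 construction quoted above, written out as an added example; this is not code from either poster or from ANSI, it follows the HAC 5.3.1 description that Anton summarises and uses Go's standard-library 3DES. The time/date input is an injected clock function (an assumption made so the generator can be run deterministically), the two-key E-D-E key is expanded to K1||K2||K1 because Go wants 24 bytes, and the `Reseed` method illustrates the explicit re-seeding Thor describes.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// X917 holds the generator state from HAC 5.3.1: a 64-bit seed s and a
// DES E-D-E key k. The time/date input D comes from an injected clock
// so that the construction can be exercised deterministically.
type X917 struct {
	block cipher.Block  // 3DES E-D-E under k, 8-byte blocks
	seed  [8]byte       // current seed s
	now   func() uint64 // 64-bit time/date source D
}

// NewX917 takes a two-key 3DES key (16 bytes, K1||K2) and an 8-byte seed.
// Both must come from a true random source; a predictable seed or key is
// exactly the failure Anton warns about. The key is expanded to K1||K2||K1
// because Go's TripleDES implementation expects 24 bytes.
func NewX917(key, seed []byte, now func() uint64) (*X917, error) {
	if len(key) != 16 || len(seed) != 8 {
		return nil, fmt.Errorf("x9.17: need a 16-byte key and an 8-byte seed")
	}
	k3 := make([]byte, 0, 24)
	k3 = append(k3, key[:8]...)
	k3 = append(k3, key[8:]...)
	k3 = append(k3, key[:8]...)
	b, err := des.NewTripleDESCipher(k3)
	if err != nil {
		return nil, err
	}
	g := &X917{block: b, now: now}
	copy(g.seed[:], seed)
	return g, nil
}

// Next produces one 8-byte output block exactly as the quoted text describes:
// I = E_k(D) is the encrypted time, x = E_k(I xor s) is the output, and
// s = E_k(x xor I) is the updated seed.
func (g *X917) Next() [8]byte {
	var d, i, x, t [8]byte
	binary.BigEndian.PutUint64(d[:], g.now())
	g.block.Encrypt(i[:], d[:]) // I = E_k(D)
	for n := range t {
		t[n] = i[n] ^ g.seed[n]
	}
	g.block.Encrypt(x[:], t[:]) // x = E_k(I xor s)
	for n := range t {
		t[n] = x[n] ^ i[n]
	}
	g.block.Encrypt(g.seed[:], t[:]) // s = E_k(x xor I)
	return x
}

// Reseed is the explicit re-seeding Thor mentions: the seed is treated as
// key material and replaced outright when fresh hardware entropy is available.
func (g *X917) Reseed(fresh []byte) error {
	if len(fresh) != 8 {
		return fmt.Errorf("x9.17: reseed needs 8 bytes of fresh entropy")
	}
	copy(g.seed[:], fresh)
	return nil
}

func main() {
	// Constructed demo values. In real use key and seed come from an OS or
	// hardware entropy source, never from constants like these.
	key := []byte("0123456789abcdef")
	seed := []byte("seedseed")
	g, err := NewX917(key, seed, func() uint64 { return uint64(time.Now().UnixNano()) })
	if err != nil {
		panic(err)
	}
	for n := 0; n < 3; n++ {
		out := g.Next()
		fmt.Println(hex.EncodeToString(out[:]))
	}
}
```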


German Police proceeds against anonymity service

2003-09-02 Thread R. A. Hettinga
http://www.datenschutzzentrum.de/material/themen/presse/anon-bka_e.htm

Independent Centre for Privacy Protection


2. September 2003

P R E S S   R E L E A S E

German Police proceeds against anonymity service

The German Federal Bureau of Criminal Investigation (FBCI) obtained another
judicial decision against the AN.ON project last Friday. This decision by
the Lower District Court in Frankfurt /Main was a search warrant for the
rooms of the AN.ON project at the TU Dresden to find a protocol data record
for police investigation. This record had been recorded on the basis of a
judicial instruction which had been suspended in the meantime. On Saturday,
FBCI officers went to the apartment of the director of the Institute of
System Architecture at the Faculty of Information Technology and demanded
the surrender of the protocol data record. Since this was the only way to
avoid a police search in the institute, and therefore further disadvantage
to the TU Dresden, the data record was handed over. In the opinion of the
AN.ON operators, this procedure by the FBCI is not supported by the law.

According to the project partners' opinion, the decision by the Lower
District Court is unlawful. Since the enforcement of the duty to disclose
information instructed in a previous decision by the Lower District Court
(according to §§ 100 g, h of the Code of Criminal Procedure) had been
suspended by the District Court in Frankfurt /Main, it had been clear that
there was no obligation to surrender until the final decision in the main
case was made. Therefore, the enforcement to surrender the data record by
use of a new search warrant is a law-abusing evasion of the decision made
by the District Court. After the District Court had provisionally decided in
favour of AN.ON, the police was not allowed to fall back on general
surrender and seizure regulations (§§ 103, 105 of the Code of Criminal
Procedure). The project partners are going to lodge an appeal against this
decision. The project partners consider a court examination of the FBCI
procedure to be definitely necessary.


Information about AN.ON at:

http://www.anon-online.de


Press releases by the ICPP of Aug. 19, 2003: AN.ON still guarantees Anonymity

Press release by the ICPP of Aug. 27, 2003: First partial success for AN.ON




Information about the work of the ICPP:

Independent Centre for Privacy Protection Schleswig-Holstein
Holstenstraße 98 / 24103 Kiel
Germany
Phone: +49 431/988-1200 / Fax: +49 431/988-1223 E-Mail:
[EMAIL PROTECTED]
Homepage: http://www.datenschutzzentrum.de








Searching for uncopyable key made of sparkles in plastic

2003-09-02 Thread R. A. Hettinga

--- begin forwarded text


Status:  U
Date: Tue, 2 Sep 2003 14:45:43 -0400
To: [EMAIL PROTECTED]
From: Peter Wayner [EMAIL PROTECTED]
Subject: Searching for uncopyable key made of sparkles in plastic
Sender: [EMAIL PROTECTED]

Several months ago, I read about someone who was making a key that 
was difficult if not impossible to copy. They mixed sparkly things 
into a plastic resin and let them set. A camera would take a picture 
of the object and pass the location of the sparkly parts through a 
hash function to produce the numerical key represented by this hunk 
of plastic. That numerical value would unlock documents.

This was thought to be very difficult to copy because the sparkly 
items were arranged at random. Arranging all of the sparkly parts in 
the right sequence and position was thought to be beyond the limits 
of precision for humans.

Can anyone give me a reference to this paper/project?


Thanks!

-Peter

--- end forwarded text





Re: JAP back doored

2003-09-02 Thread Steve Schear
http://www.heise.de/newsticker/data/jk-02.09.03-005/

German police have searched and seized the rooms (dorm?) of one of the JAP 
developers.  They were looking for data that was logged throughout the 
period when JAP had to log specific traffic.  The JAP people say that the 
seizure did not conform with German law. They suggest that the police were 
afraid that they wouldn't gain the right to use this data before a normal 
court. So they stole it to make things clear.  And since the JAP team did 
cooperate with them the previous time, they now have the logs to get seized.

I'll bet the logs weren't encrypted.  Fools.

steve

Anarchy may not be a better form of government, but it's better than no 
government at all.  



Re: PRNG design document?

2003-09-02 Thread Anton Stiglic
 Allow me to clarify my problem a little. I'm commonly engaged to review
 source code for a security audit, some such programs include a random
 number generator, many of which are of ad-hoc design. The nature of such
 audits is that it's much more appealing to be able to say here are three
 accepted guidelines that your generator violates rather than I haven't
 seen that before and I don't like it, you should replace it with something
 else.

Here are two references that might also be helpful:

http://www.cryptography.com/resources/whitepapers/VIA_rng.pdf
http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf

These are reports on the analysis of two RNGs; I found them well written.

--Anton




Speaking of RFIDs [Was: Re: Call for Participation: RFID Privacy and Security Workshop at MIT, November 15th]

2003-09-02 Thread Adam Fields
On Mon, Sep 01, 2003 at 12:04:55PM -0400, Simson Garfinkel wrote:
   RFID PRIVACY AND SECURITY
   -WORKSHOP @ MIT-
CALL FOR PARTICIPATION

I'd like to develop a consumer application using RFIDs, but I've been
having trouble finding relatively basic information such as what kind
of a radio transceiver is needed to read them. Can the bluetooth
radios that seem to have very little other purpose be used for this?

Any good pointers for where to get started on RFID development, and
more importantly, how to secure such products (other than the
workshop, which I will not be able to attend)?

-- 
- Adam

-
Adam Fields, Managing Partner, [EMAIL PROTECTED]
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
http://www.adamfields.com



Re: U.S. seeks OSCE pact on biometric passports

2003-09-02 Thread Duncan Frissell
Anyone have any pointers to non destructive methods of rendering Smart
Chips unreadable?  Just curious.

DCF

On Mon, 1 Sep 2003, R. A. Hettinga wrote:

 http://dynamic.washtimes.com/print_story.cfm?StoryID=20030901-124025-4029r



Re: invoicing with PKI

2003-09-02 Thread Anne Lynn Wheeler
At 12:23 PM 9/1/2003 -0400, Ian Grigg wrote:
  1.  invoicing, contracting - no known instances
  2.  authentication and authorisation - SSL client
  side certs deployed within organisations.
  3.  payments
  4.  channel security (SSL)
  5.  email (OpenPGP, S/MIME)
somewhat related thread in sci.crypt ... summary
http://www.garlic.com/~lynn/2003l.html#33 RSA vs AES
background
http://www.garlic.com/~lynn/2003l.html#24 RSA vs AES
http://www.garlic.com/~lynn/2003l.html#27 RSA vs AES
http://www.garlic.com/~lynn/2003l.html#28 RSA vs AES
http://www.garlic.com/~lynn/2003l.html#32 RSA vs AES
when we were working with small client/server startup for payments
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
we coined the term certificate manufacturing as part of doing due 
diligence on various commercial CAs ... to distinguish from PKI.

we've also since claimed that proposal, effectively by SSL server 
certification business ... to have public keys registered as part of the 
domain name process goes a long way to both 1) improving the integrity of 
the domain name infrastructure and 2) provides basis for trusted, real-time 
public key distribution making SSL server certificates redundant and 
superfluous.
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

One of the big issues with identity x.509 certificates from the early 90s 
was the quandary with 1) overloading a certificate with huge amounts of 
privacy information (hoping that its use by unknown relying parties at some 
point in the future would find something in the certificate useful) and 2) 
the extremely onerous privacy issues with the spraying of such privacy 
information all over the world. Somewhat as a result, financial 
infrastructures dropped back to relying-party-only certificates, 
something that effectively contained only the public key and the account 
number.
http://www.garlic.com/~lynn/subtopic.html#rpo
Somebody from Deutsche Bank made a presentation in 1998 regarding having 
moved to relying-party-only certificates because of the enormous privacy 
and liability issues. However, since Deutsche Bank had issued the 
certificate for the public key (and account), Deutsche Bank already had the 
public key on file. There was actually nothing in the appended 
relying-party-only certificate that carried any information that Deutsche 
Bank didn't already have on file (and the elimination of the requirement to 
append a certificate tended to remove a large payload penalty).

It was relatively trivial to show for financial transactions that 
relying-party-only certificates were redundant and superfluous (i.e. the 
financial institution already has all the information so there is no reason 
to tack a certificate on to the end of every transaction or communication 
with the bank).

The other issue ... somewhat highlighted by SET was that the payload 
penalty for certificates in the payment infrastructure was enormous ... a 
basic SET certificate possibly being two orders of magnitude larger than 
the basic payment message. As a result, SET typically was deployed for 
internet only operations with a gateway between the internet and the 
payment network performing the signature verification, stripping off the 
certificate and flagging the real payment transaction indicating that the 
signature had verified. First of all that violates one of the basic 
principles of end-to-end security. In fact, somebody from VISA presented 
some numbers in an ISO standards meeting about the transactions flowing 
through interchange with the signature verified flag set and they could 
prove that no digital signature technology was ever involved.

The financial standards x9a10 working group was given the requirement to 
preserve the integrity of the financial infrastructure for all electronic 
retail payments (aka ALL as in internet, non-internet, point-of-sale, 
face-to-face, non-face-to-face, debit, credit, ach, stored-value, etc ... 
i.e. ALL). The result was a digital signed transaction that was lightweight 
enough that it would operate in all environments and didn't require the 
enormous payload penalty of an appended certificate:
http://www.garlic.com/~lynn/index.html#x959

NACHA tested a certificate-less digitally signed debit transaction in their 
Internet trials:
http://www.garlic.com/~lynn/index.html#aadsnacha

--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
 
