Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jon Snader
On Sat, Jul 10, 2004 at 10:28:49AM +1000, Greg Rose wrote:
 
 If they could do that reliably, they wouldn't need the toll thingy, nu? I 
 have been told by someone in the photo-enforcement industry that their 
 reliability is only around 75%, and they're very expensive, and ... anyway, 
 not a viable solution to the problem given the current economics. But to a 
 weekly commuter over one of the bridges in New York, for example, it's 
 $1000 per year.
 

Just today I read the following remark by Brad Delong on Eric
Rescorla's Web site http://tinyurl.com/3aw8a:

The IRS's comparative advantage is using random terror to
elicit voluntary compliance with the tax code on the part of
relatively rich people.

Doesn't a similar principle apply here?  Let's grant, as you say,
that the system is only 75% effective, and perhaps the expense
prevents us from deploying it at every lane so that the
probability of catching a cheater is, say, only 40%.  If we make
the fine for cheating $5000 and/or 6 months in jail, then the
cheater's expected savings, considering just the fine, is -$1994,
assuming a $10 toll.  That seems like a pretty good deterrent to
me.

jcs

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: WYTM?

2003-10-16 Thread Jon Snader
On Mon, Oct 13, 2003 at 10:27:45PM -0400, Ian Grigg wrote:
 The situation is so ludicrously unbalanced, that if
 one really wanted to be serious about this issue,
 instead of dismissing certs out of hand (which would
 be the engineering approach c.f., SSH), one would
 run ADH across the net and wait to see what happened.
 
 Or, spit credit cards in open HTTP, and check how
 many were tried by credit card snafflers.  You might
 be waiting a long time :-)  But, that would be a
 serious way for credit card companies to measure
 whether they care one iota about certs or even
 crypto at all.
 

You're probably right about waiting a long time, but might that be
because trying to sniff credit card numbers is not worth it?
Not worth it because virtually everyone uses SSL when making on-line
purchases.  If everyone stopped using SSL, would we not expect to see
an increase in credit card sniffing?

Since, as you say, sniffing on the wire is harder than compromising
the end nodes, the bad guys naturally go after the low hanging
fruit, especially since a great deal of the ``interesting'' traffic
is cryptographically protected (or at least hardened).
*Of course* SSL isn't a complete security solution, but it is
effective in solving part of the problem; perhaps so well that it
makes it appear as if the problem doesn't exist.

jcs

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]