From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Fri, 2 Feb 1996 04:29:37 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: CONTEST:  Name That Program!
In-Reply-To: <sl3GafqMc50eQWYD0N@nsb.fv.com>
Message-ID: <199601301030.FAA03072@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <sl3GafqMc50eQWYD0N@nsb.fv.com> Nathaniel Borenstein <nsb@nsb.fv.com> writes:

> As you may have read in my previous message, First Virtual has developed
> and demonstrated a program that completely undermines all known schemes
> for using software-encrypted credit cards on the Internet.  More details
> are avialable at http://www.fv.com/ccdanger.

You are a liar.

Your program does not undermine all known schemes for transmitting
software-encrypted credit cards on the internet.  You have no way of
obtaining my credit card number, because I will not run your software.
Furthermore, because I use a Unix-like operating system (specifically
OpenBSD) which I re-build from source code every week or so, you would
need to hack my compiler to keep mis-compiling itself and compromise
my kernel or netstat, ps, etc, for which you would need to be root.

The first virtual protocol seems to have some real weeknesses.
However, I do not feel like wading through all the pages of text to
figure out what is going on.  I challenge you to post a concise
description of the protocol, using syntax such as:

  A -> B:  {ID, xxx, ...}_Ks

With short descriptions where necessary.  If you do, I'm sure we can
rip your protocol to shreds (which is why you won't).

David