From: "Perry E. Metzger" <perry@imsi.com>
Date: Sat, 17 Dec 94 08:34:48 PST
To: cypherpunks@toad.com
Subject: Re: FV & PGP (was Re: First Virtual email security)
In-Reply-To: <199412170212.VAA21903@bb.hks.net>
Message-ID: <9412171634.AA03784@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Ellsworth says:
> James D. Wilson said:
> >Without cryptography how exactly are you going to protect my credit card
> >numbers from sniffer-snoopers and crackers?  Either you will send the
> >credit card text in the clear, or it will be encrypted somehow.  Or perhaps
> >you will have customers call you over the phone to give you their credit
> >card info?  
> 
> I would also like to be convinced on this point.  It seems that it's an
> either/or.  Either the info is in the clear, and thus vulnerable, or it's
> encrypted, and safer.

I'm not the biggest fan on earth of the way First Virtual is running
things, but you could have the decency to read what they've said
before making assumptions.

The answer is simple -- they never put the credit card number over the
wire at all, either encrypted or unencrypted. Go off and read their
documents if you want to know how that works.
 
Perry