From: “Perry E. Metzger” <perry@imsi.com>
To: cypherpunks@toad.com
Message Hash: 19ae920376d1b3a525735fa167c6385f2c663a0e93a9a749cbfc96bb9bc4b1cd
Message ID: <9412171634.AA03784@snark.imsi.com>
Reply To: <199412170212.VAA21903@bb.hks.net>
UTC Datetime: 1994-12-17 16:34:48 UTC
Raw Date: Sat, 17 Dec 94 08:34:48 PST
From: "Perry E. Metzger" <perry@imsi.com>
Date: Sat, 17 Dec 94 08:34:48 PST
To: cypherpunks@toad.com
Subject: Re: FV & PGP (was Re: First Virtual email security)
In-Reply-To: <199412170212.VAA21903@bb.hks.net>
Message-ID: <9412171634.AA03784@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
Mike Ellsworth says:
> James D. Wilson said:
> >Without cryptography how exactly are you going to protect my credit card
> >numbers from sniffer-snoopers and crackers? Either you will send the
> >credit card text in the clear, or it will be encrypted somehow. Or perhaps
> >you will have customers call you over the phone to give you their credit
> >card info?
>
> I would also like to be convinced on this point. It seems that it's an
> either/or. Either the info is in the clear, and thus vulnerable, or it's
> encrypted, and safer.
I'm not the biggest fan on earth of the way First Virtual is running
things, but you could have the decency to read what they've said
before making assumptions.
The answer is simple -- they never put the credit card number over the
wire at all, either encrypted or unencrypted. Go off and read their
documents if you want to know how that works.
Perry
Return to December 1994
Return to ““Perry E. Metzger” <perry@imsi.com>”