From: eric@remailer.net (Eric Hughes)
To: www-buyinfo@allegra.att.com
Message Hash: 83b42a7053ebf46e14c98ab703a934c75fb6f1ed82f4e022ffa01cdeb9443025
Message ID: <199412152234.OAA07282@largo.remailer.net>
Reply To: <giw_XSP0Eyt5RL_b0K@nsb.fv.com>
UTC Datetime: 1994-12-15 21:37:12 UTC
Raw Date: Thu, 15 Dec 94 13:37:12 PST
From: eric@remailer.net (Eric Hughes)
Date: Thu, 15 Dec 94 13:37:12 PST
To: www-buyinfo@allegra.att.com
Subject: Re: properties of FV
In-Reply-To: <giw_XSP0Eyt5RL_b0K@nsb.fv.com>
Message-ID: <199412152234.OAA07282@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain
[re: making a receivables system for small value]
Assuming that thing that you're "cobbling together" is based on a
reasonably robust database engine, it should scale a long, long way.
It's not the technology but the number of different kinds of
exceptions to track that cause it not to scale. You don't need to
solve those problems right away, though.
> Partial security is better than no security.
That's a *very* interesting statement. I'm not at all sure what it
means, so I'm not sure if I believe it or not. Sometimes partial
security is worse than no security because it gives people a false
*sense* of security.
It's like this. If there are two ways to break into my house, bashing
in the front door and climbing through second story windows, it's
better to have a strong front door and no bars on the upper windows
than to have no strength in the front door and still no bars.
Regardless of the security, users need to understand what it gives
them. This is orthogonal to the choice of security, as well as to the
persistence of thick-headedness in society.
> In particular, if a digital signature does not, by agreement, carry an
> implied warrantee of identity, then there's no problem at all.
I sense that I this wording was less than fully explanatory.
What this means using FV as an example, say, is that FV will not claim
that a signed message actually originated from someone. A signature
would be _advisory only_, and carry no legal weight as a signature or
a proof of identity. You can still require signatures, because this
does improve security.
Suppose that a customer disavows a signed transaction, saying "Someone
must have hacked my account". What you could _not_ do in this example
is then to claim that "Well, it must be your account; it has your
signature on it", because _by agreement_ the customer is not making
any implicit claims about who actually holds the private key. In
fact, the disclaimer of a warrantee of identity makes _explicit_
the fact that the private key is not relied upon to be held secretly.
This is partial security. It is not all that can be accomplished with
crypto; it is only a part. The partial security, however, still has
value.
> Use
> the crypto entirely for transit security. If someone hacks your
> machine and grabs your passphrase and forges a transaction, at least
> the intruder has to grab your passphrase.
This is exactly the way we would expect to use crypto layered on top of
First Virtual's protocols, if and when such cryptographic protocols are
deployed widely enough to have penetrated af meaningful portion of our
market.
"If and When" is Yes and Today. Anybody who can autosign their
outgoing mail can participate in this kind of transaction already.
Assuming the above agreement is made with respect to private keys,
there is _no_ risk to the customer about loss of secret keys, and no
greater risk to the merchant than what currently obtains.
The dreams of utopia in cryptography are beginning to hold back
deployment as much as architectural problems.
Eric
Return to December 1994
Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”