From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 18 Aug 95 09:36:57 PDT
To: cypherpunks@toad.com
Subject: SSL challenge and escrows
Message-ID: <9508181635.AA23177@all.net>
MIME-Version: 1.0
Content-Type: text


I think a lot of people miss the distinction between automated message
cracking and dumpster diving.  Dumpster diving is not free.  It costs at
least a dollar each to get credit card slips by dumpster diving. 

Consider that in order to use the information, you have to get the slip,
pull off the numbers, enter them into a computer (or even worse yet,
create a phoney card or make a phone call) in order to use the
information.  The break-even point for an automated cracking and usage
system is more than a dollar per stolen card.  My parallel processor
is actually more cost effective for crimilar theft via credit card fraud.

What does this have to do with escrow?  My escrow offer costs less than
the cost of crimial attack.  If it reduces attack, it is cost effective
and should lower the overall cost of transaction processing.

In fact, I have a friend who says he will escrow keys for free, but he
is less trustworhty than I am, and I think he wants to get his dollar on
the other side.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236