From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: Laurent Demailly <dl@hplyot.obspm.fr>
Message Hash: 0a969e8c34070c8908b5b7f34fcf873e95359c1c572effe663eb1664f415c406
Message ID: <0kMA2EqMc50eMEb4Yx@nsb.fv.com>
Reply To: <v02120d1aac85dff6bc68@[199.0.65.105]>
UTC Datetime: 1995-09-21 03:46:59 UTC
Raw Date: Wed, 20 Sep 95 20:46:59 PDT
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 20 Sep 95 20:46:59 PDT
To: Laurent Demailly <dl@hplyot.obspm.fr>
Subject: Re: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)
In-Reply-To: <v02120d1aac85dff6bc68@[199.0.65.105]>
Message-ID: <0kMA2EqMc50eMEb4Yx@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain
Laurent -- I strongly recommend that you make an effort to understand
the real risks involved in Internet commerce. There are critical
security flaws in the encrypted commerce approach, which I fear you are
overlooking. By focusing on the ease of stealing a single identifier,
or faking a single transaction, I think you overlook some much more
important issues.
The point is not that people can't intercept your First Virtual ID by
sniffing on the net. Obviously they can.
The point is not that people can't forge mail from you. Obviously they can.
The point is not that people can't intercept FV's confirmation query,
which contains a one-time code, and forge the appropriate response to
authorize that purchase. Obviously they can.
The point is not that people can't selectively block your incoming mail,
so that you can't even tell when the above has happened. Obviously they
can.
The point is that if someone goes to all the trouble of doing all the
above -- which is what it takes to commit serious fraud with First
Virtual -- then *all* that they get is the temporary use, on the
Internet only, of a single credit card. (Note also that I've just
spelled out *exactly* what it takes to commit fraud with FV. I am
suspicious of any commerce systems that don't offer such an explanation.
In the case of SSL, the explanation would probably start out, "find a
single bug in the implementation of the cryptographic algorithms.")
Schemes like SSL, which encrypt a credit card number and then transmit
it on the net, carry with them a very different kind of risk: the risk
that a single criminal could steal MILLIONS of credit card numbers.
If an SSL-like scheme were in wide use world-wide, the hacker who just
made a name for himself by breaking SSL could instead have gone down in
HISTORY as the person who destroyed the twentieth-century credit card
system by stealing millions of credit cards and using each one just
once. Or, if his goals were more practical, he could have simply chosen
any desired level of affluence and lived that way for the rest of his
life. (This is not an exaggeration. I can flesh this out to an
alarming degree of detail, actually.)
FV does not claim to have invented a method of commerce that is
foolproof. There is no such system, and that certainly includes the
existing credit card, cash, and check infrastructure. What FV has
invented is a system for Internet commerce in which the risk/reward
ratio is sufficiently low to permit large-scale commerce. Any
cryptographic approaches which make similar claims must also be
evaluated in terms of risk/reward ratio. If a system has a catastrophic
risk, no matter how low-probability, this is worse than a system with
higher-probability risks of much lower consequence. (When driving my
car, I'd rather be in ten fender-benders than one high-speed head-on
collision at 90 MPH.)
My own experience with real-world software -- which is only confirmed by
the recent SSL scandal -- makes me tend to believe that every program
has bugs, and that therefore every crypto system will carry with it a
significant practical risk of compromise. It therefore makes no sense
to design the commerce infrastructure in such a way that the cost of
that risk is catastrophic. FV has had several minor incidents of fraud.
They didn't make any headlines and they didn't require any mad scramble
to fix the software, because the costs of the fraud were so low to all
concerned. -- Nathaniel
--------
Nathaniel S. Borenstein <nsb@fv.com> | When privacy is outlawed,
Chief Scientist, First Virtual Holdings | only outlaws will have privacy!
FAQ & PGP key: nsb+faq@nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND!
---VIRTUAL YELLOW RIBBON-->> zldf@clark.net <http://www.netresponse.com/zldf>
Return to September 1995
Return to “rah@shipwright.com (Robert Hettinga)”