From: Rich Salz <rsalz@osf.org>
Date: Tue, 30 Jan 1996 10:34:54 +0800
To: nsb@nsb.fv.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <9601300006.AA15845@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>It's considerably more than that.  Please read on.

No, Nathaniel, it is not.  You watch keystrokes and record the ones you're
interested in.  This technique has interesting possibilities, but all your
PR screaming won't make it anything more than what it is.

How interesting are these possibilities?  It's hard to say.  Don't run
software you don't trust.  Well, most of the people on this list probably
already know that.  I betcha a good-sized portion of the computer-using
populace knows this, but actively (or passively) defers the choice to
someone else.

You must trust something.  You folks trust the telephone (never gets
tapped, right) the postal service (of course mail never gets stolen) banks
or credit card companies (which never have problems).  And then, on top
of that foundation of sand you build a commerce system with MIME and
SMTP (sendmail is the most bugfree program ever written).

I used to think you were aggressive techies, now you're just greedy
bastards who will seemingly stop at nothing; Stef's blatant attempts
to ensure MIME's use in IETF-PAY was not an exception, but the first
salvo.

You make me sorry I invented safe-tcl and made FV possible.
	/r$