1996-01-24 - Re: DigiCash Ecash - 2 security topics

Header Data

From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
To: cypherpunks@toad.com
Message Hash: 6978bb865da78ea6ffc4e05d1d5e69149d095978794d2a31287b4ebe6d2075f0
Message ID: <4e3von$8ut@calum.csclub.uwaterloo.ca>
Reply To: <199601221635.RAA13080@digicash.com>
UTC Datetime: 1996-01-24 09:34:25 UTC
Raw Date: Wed, 24 Jan 1996 17:34:25 +0800

Raw message

From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 24 Jan 1996 17:34:25 +0800
To: cypherpunks@toad.com
Subject: Re: DigiCash Ecash - 2 security topics
In-Reply-To: <199601221635.RAA13080@digicash.com>
Message-ID: <4e3von$8ut@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


>> > E.g. has there been a DigiCash response to Ian Goldberg's
>> > publication of a denial-of-service attack which operates by 
>> > spending a coin with the same serial number as your victim's 
>> > coin?
>> After discussing things with Ian we came up with several solutions. 
>> One is encrypting more messages (which we will do in a next revision 
>> of the protocol), the other is enabling ecash to work over ssl 
>> servers. You may not see the answer directly in the list, but you 
>> will see it in the next protocol revision.

Actually, my original suggestion was to include 'n' in the value encrypted
in the bank's public key.  The less we have to _rely_ on ecash-enabled
apps having to do their own encryption (like SSL), the better.
Of course, extra encryption is OK, too.

I wonder if Dave and I will get Digicash's reward for this one...
I still haven't seen anything from them (though various individuals keep
promising), or from Netscape either, for that matter... [emoticon elided]

   - Ian "starving grad student (sigh)"




