From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
To: E$ mailing list <e$@thumper.vmeng.com>, cypherpunks@toad.com
Message Hash: ad99b3e946d5d39838b4d44240cb63231cd8973b388b2fb82fe469ba0f02ec8c
Message ID: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
Reply To: N/A
UTC Datetime: 1996-04-08 23:17:01 UTC
Raw Date: Tue, 9 Apr 1996 07:17:01 +0800
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Tue, 9 Apr 1996 07:17:01 +0800
To: E$ mailing list <e$@thumper.vmeng.com>, cypherpunks@toad.com
Subject: Bank transactions on Internet
Message-ID: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain
Suddenly some banks here in Estonia have decided that they must start
offering banking services over Internet already during the next months.
What worries me is that some of them are talking about using 40-bit SSL as
the main security mechanism.
What about banks in US and Europe, how many of them are using Internet and
WWW to offer their services already? Is it possible to use WWW forms to
make real transactions or can you just view your transaction history and
account status? In case the banks are using WWW forms and SSL, are the
services limited to 128-bit clients?
How is the client authentication handled? Does the client just get a plain
username and password?
I had a look at some banks like Security First National Bank and some
others, and it seems that they use just SSL + username/password for they
banking services. Does this really work, especially with 40-bit keys?
SSL with client certificates would seem a little bit more secure once it
is available, but still not secure enough for real banking on Internet.
Just curious (and confused),
Juri Kaljundi
jk@digit.ee
Return to April 1996
Return to “Steve Reid <steve@edmweb.com>”