1997-11-12 - Re: SET

Header Data

From: Robert Hettinga <rah@shipwright.com>
To: tygar@tygar.trust.cs.cmu.edu
Message Hash: 69523363a26c0e86bceb05bd598de617ce7e138373a9ded7c23c266bb977f903
Message ID: <v031107d1b08f8f625fc9@[139.167.130.248]>
Reply To: <2325.879351741@tygar.trust.cs.cmu.edu>
UTC Datetime: 1997-11-12 17:41:45 UTC
Raw Date: Thu, 13 Nov 1997 01:41:45 +0800

Raw message

From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 13 Nov 1997 01:41:45 +0800
To: tygar@tygar.trust.cs.cmu.edu
Subject: Re: SET
In-Reply-To: <2325.879351741@tygar.trust.cs.cmu.edu>
Message-ID: <v031107d1b08f8f625fc9@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

At 11:22 am -0500 on 11/12/97, Doug_Tygar@cs.cmu.edu wrote:


> Actually, I did not claim to break SET.  What I said was:
>
> (a)  because SET is such a complicated protocol, I am certain that it
>      does have flaws;
> (b)  SET does not have a clear design philosophy -- for example, it has
>      modes in which a consumer's credit card number is hidden from a
>      merchant and modes when it is given to a merchant.  These ambiguous
>      design points in the protocol make the protocol vulnerable to misuse.
>
> I have not made a serious effort to crack SET, yet.

Great. Thanks. Looking forward to seeing what you get.

Personally, I'm becoming convinced that SET is practically Ptolemaic in its
complexity. You can get money from point A to point B, but you have to go
through a lot of epicycles to get there.

Transactional shovelware, maybe. Not unlike a lot of digital signature
legislation out there.

Unfortunately, I think that no MIS manager will get fired for using SET, and
it'll take a serious demonstration of a security breach before people will
listen to anything else. At least until someone demonstrates a transaction
protocol which is, say, 3 orders of magnitude cheaper...

Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5

-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>






