1997-11-12 - Re: SET

Header Data

From: “William H. Geiger III” <whgiii@invweb.net>
To: Eric Murray <ericm@lne.com>
Message Hash: 851fe393e6be80a481a522f2333598aac464094396a54dada1c20b39ab59cc19
Message ID: <199711121845.NAA31064@users.invweb.net>
Reply To: <199711121751.JAA01757@slack.lne.com>
UTC Datetime: 1997-11-12 18:57:54 UTC
Raw Date: Thu, 13 Nov 1997 02:57:54 +0800

Raw message

From: "William H. Geiger III" <whgiii@invweb.net>
Date: Thu, 13 Nov 1997 02:57:54 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: SET
In-Reply-To: <199711121751.JAA01757@slack.lne.com>
Message-ID: <199711121845.NAA31064@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <199711121751.JAA01757@slack.lne.com>, on 11/12/97 
   at 09:51 AM, Eric Murray <ericm@lne.com> said:

>[details: according to the spec the cardholder sends to the merchant
>thumbs (SHA1 hashes) of all the certs in the cardholder's cert cache.
>Since this will contain certs from merchants the cardholder has made
>purchases from in the past, a merchant could simply match up those
>merchant cert thumbs with cert thumbs he obtains from other merchants,
>allowing him to build a list of merchants the cardholder has attempted to
>make purchases from].


Sorry I haven't been keeping track of the SET but why would a merchant
need this info in the first place??? If anything one would think that this
would be client driven not server driven (ie the client queries the
merchant for the hash of his cert to see if the client already has a copy
or not). I am not quite sure what they are trying to accomplish by this
unless what you consider a "flaw" is really a "feature by design"?

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNGn49o9Co1n+aLhhAQF7GAP+K2xbLQCLvFaR4nBpOOT3BfGoTtMikOvs
nhm3n4J3ALkIUtReRcwi3rc4q9/+TUK3Rq8gfVzFBCsFyDyAQLVMUCFBn7Ybja+j
qdloRfG4Tw2ueMOyaaO2/ao03s9tgOfP2Cfa0CwyScQI8BWMMoeKBongeSYZgMsm
bqGEG+XXyr4=
=rAEt
-----END PGP SIGNATURE-----
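
The two designs discussed in this message, compared by what the merchant ends up knowing (an added example, not part of the original post and not SET's actual message format). The certificate bytes, merchant names, and function names are constructed for illustration.

```python
import hashlib

def thumb(cert: bytes) -> str:
    """SHA-1 thumbprint of a certificate, as in the quoted description."""
    return hashlib.sha1(cert).hexdigest()

# Constructed stand-ins for encoded merchant certificates (assumption).
CERTS = {name: f"constructed-cert:{name}".encode()
         for name in ("books", "pharmacy", "travel", "hardware")}

class Cardholder:
    def __init__(self, past_merchants):
        # Cert cache holds thumbs of merchants dealt with in the past.
        self.cache = {thumb(CERTS[m]) for m in past_merchants}

    def send_all_thumbs(self):
        """Server-driven flow as described: every cached thumb goes out."""
        return sorted(self.cache)

    def needs_cert(self, merchant_thumb: str) -> bool:
        """Client-driven flow: compare locally, answer one yes/no."""
        return merchant_thumb not in self.cache

def merchant_view_server_driven(thumbs, known_thumbs):
    """Names a merchant can attach to received thumbs via a thumb directory."""
    return sorted(known_thumbs[t] for t in thumbs if t in known_thumbs)

def merchant_view_client_driven(cardholder, own_name):
    """All the merchant observes: whether its own cert was already cached."""
    return {own_name: not cardholder.needs_cert(thumb(CERTS[own_name]))}

if __name__ == "__main__":
    alice = Cardholder(["books", "pharmacy", "travel"])
    # Thumb-to-name directory, e.g. built from thumbs shared among merchants.
    directory = {thumb(c): n for n, c in CERTS.items()}
    print(merchant_view_server_driven(alice.send_all_thumbs(), directory))
    print(merchant_view_client_driven(alice, "hardware"))
```

In the server-driven flow the merchant's view grows with the cardholder's whole cache; in the client-driven flow it is limited to the merchant's own certificate.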





