1997-11-12 - SET

Header Data

From: Doug_Tygar@cs.cmu.edu
To: tygar@tygar.trust.cs.cmu.edu
Message Hash: 9bd39aed33f7b71e91b93c5be6003d14b9cc85da15f4ccd0b75add42576ff3c2
Message ID: <2325.879351741@tygar.trust.cs.cmu.edu>
Reply To: N/A
UTC Datetime: 1997-11-12 16:29:38 UTC
Raw Date: Thu, 13 Nov 1997 00:29:38 +0800

Raw message

From: Doug_Tygar@cs.cmu.edu
Date: Thu, 13 Nov 1997 00:29:38 +0800
To: tygar@tygar.trust.cs.cmu.edu
Subject: SET
Message-ID: <2325.879351741@tygar.trust.cs.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain

rah@shipwright.com wrote:

>At Doug Tygar's talk at Harvard last week, he claimed to have found a way
>to crack it. I, um, forgot to press him on this. Has anyone heard about
>this, or what it might be?

Actually, I did not claim to break SET.  What I said was:

(a)  because SET is such a complicated protocol, I am certain that it
     does have flaws;
(b)  SET does not have a clear design philosophy -- for example, it has
     modes in which a consumer's credit card number is hidden from a
     merchant and modes when it is given to a merchant.  These ambiguous
     design points in the protocol make the protocol vulnerable to misuse.

I have not made a serious effort to crack SET, yet.

-- Doug Tygar