1998-11-24 - Re: Digital bearer postage stamps

Header Data

From: Ryan Lackey <ryan@systemics.ai>
To: Robert Hettinga <dbs@philodox.com
Message Hash: fa33a811aa118cf9b2c0df8ae03f2340af6083d5d70745b16844a246947d09a9
Message ID: <19981123210116.C1071@arianrhod.@>
Reply To: <v04020a0ab27eeb6523df@[62.136.62.81]>
UTC Datetime: 1998-11-24 01:28:57 UTC
Raw Date: Tue, 24 Nov 1998 09:28:57 +0800

Raw message

From: Ryan Lackey <ryan@systemics.ai>
Date: Tue, 24 Nov 1998 09:28:57 +0800
To: Robert Hettinga <dbs@philodox.com
Subject: Re: Digital bearer postage stamps
In-Reply-To: <v04020a0ab27eeb6523df@[62.136.62.81]>
Message-ID: <19981123210116.C1071@arianrhod.@>
MIME-Version: 1.0
Content-Type: text/plain



Quoting Robert Hettinga (rah@shipwright.com):
> I wonder if these guys have heard of double spending?
> 
> Does anyone know whether this is some kind of 2-d barcode (it must be) or
> is it something else?
> 
> Cheers,
> Robert Hettinga

It's a 2-d barcode, with a bunch of info encoded into it..

Short answer: they use statistical security measures to prevent double
spending, but they have a *scary* reputation and limitless resources
to pursue fraud, something no one else really has.  I would not be
brave enough to double spend with this system from my home state, if
I were in the US.

Longer rambling answer:

The E-stamp folks are pretty hardcore as far as security goes, I recall.
They use a Dallas Semiconductor iButton (plug: check out the ibuttonpunks
mailing list....) as a local value store, after paying for postage
at a central location, and do other security measures I don't quite
recall -- perhaps encoding your local post office, such that the local
post office could keep its own database of double spenders, or having
a global double spending database.

The post office is pretty much protected from fraud, in any case -- much
more than existing letters (which can be forged against high-speed
equipment using a phosophor pen).

I'm not sure how E-stamp protects itself from fraud, or protects its
customers from E-stamp committing fraud, but I'm fairly convinced there is
at least statistical security for the USPS against users.

I believe the USPS published a standard during the search for a new
postage system -- they did a pretty good job of it, I just never bothered
to buy a copy.  If someone bought a copy and mailed it to jya, it would
be doing everyone a service.

(Even if you have the nerve to commit bank wire fraud, check fraud, armed
robbery, espionage, sedition, etc., you probably still aren't brave/reckless
enough to commit postal fraud, though -- USPS inspectors make IRS
auditors look passive)


Cheers,
Ryan
ryan@venona.com







Thread