[48846] in Cypherpunks
Flaw in FV process (was FV and Netscape slagging each other
daemon@ATHENA.MIT.EDU (John Pettitt)
Wed Jan 31 19:08:33 1996
Date: Wed, 31 Jan 1996 15:57:57 -0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>, Jeff Weinstein <jsw@netscape.com>
From: John Pettitt <jpp@software.net>
Cc: cypherpunks@toad.com
At 05:56 PM 1/31/96 -0500, Nathaniel Borenstein wrote about Jeffs attack:
>Your attack would be caught by us relatively quickly because our model
>is based not on a single fail-safe piece of security software, but on
>*process* security. The overall process is multifaceted, with many
>checks and balances.
Yes this is all fine and good - but your process does not allow for real time
delivery of goods. For example:
Somebody wants to buy say micrsoft office from me for electronic delivery
(yes they have a lot of bandwidth :-). I can authorize a credit card, fun
it by my fraud screen and start shipping in less than 30 seconds. At this
point the transaction is done.
In the FV model as I understand it I'd have to ship the software and wait for
an approve/deny/fraud from the user. If it's anything but approved I'm SOL,
I still have to pay Microsoft for the product but I didn't get paid.
Solve that process flaw and I'll add FV support to software.net.
John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
"Technology is a way of organizing the universe so that man
doesn't have to experience it." - Max Frisch
