[114166] in cryptography@c2.net mail archive


Re: Lack of fraud reporting paths considered harmful.

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Jan 28 11:41:37 2008

To: "James A. Donald" <jamesd@echeque.com>
Cc: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 28 Jan 2008 07:12:03 -0500
In-Reply-To: <479D5A06.1010902@echeque.com> (James A. Donald's message of "Mon\, 28 Jan 2008 14\:28\:54 +1000")


"James A. Donald" <jamesd@echeque.com> writes:
> Perry E. Metzger wrote:
>> The call-the-customer-and-reissue mechanism is a
>> mediocre solution to the fraud problem, but it is the
>> one we have these days.
>
> Why is it a mediocre solution?
>
> The credit card number is a widely shared secret.  It
> has been known for centuries that widely shared secrets
> have a short life expectancy and should be frequently
> re-issued.
>
> The only better solution is unshared secrets.  Is that
> what you had in mind?

Naturally. However, given what we have now, reissue is the only
reasonable option.

-- 
Perry E. Metzger		perry@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
