[13589] in cryptography@c2.net mail archive
Re: An attack on paypal
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Jun 11 19:04:48 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Jun 2003 15:38:18 -0600
To: David Honig <dahonig@cox.net>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Anne & Lynn Wheeler <lynn@garlic.com>,
Sunder <sunder@sunder.net>, "James A. Donald" <jamesd@echeque.com>,
"Email List: Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <3.0.5.32.20030611142439.00870580@pop.west.cox.net>
>You need a Better Business Bureau's cert, where the BBB is financially
>liable.
>(This implies it checks in *meatspace* and probably implies competition too.)
we actually included that in suggestion as part of original stuff for
setting up electronic commerce and providing comfort to consumers. however
it didn't take the form of a certificate .... which is left over from
ancient offline world (aka certificates are akin to the little BBB
certificates that you get to put in your window ... a comfort issue but
doesn't actually address any real cases). even before e-commerce, the real
BBB process was that people called up the BBB and got realtime information
.... i.e. it was an online, realtime process.
the equiivalent for an online, internet paradigm (as opposed to something
left over from the offline email genre of at least 10--15 years earlier)
was that the browswer tab;e pf trusted entities were of online authorities
(as opposed to certificate manufacturing) and if you cared, you clicked
thru to the BBB and got realtime information about the merchant in question
(being equivalent to when people call the BBB to actually get some level of
real input .... as opposed to just a fuzzy comfort fealing).
lots of past posts about merchant comfort certificates and ancient efforts
to suggest requiring a BBB operation for internet merchants:
http://www.garlic.com/~lynn/subpubkey.html#sslcert
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
