[16360] in cryptography@c2.net mail archive
RE: Financial identity is *dangerous*? (was re: Fake companies, real money)
daemon@ATHENA.MIT.EDU (Trei, Peter)
Mon Oct 25 16:42:14 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 25 Oct 2004 09:30:50 -0400
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: "Aaron Whitehouse" <lists@whitehouse.org.nz>
Cc: <cryptography@metzdowd.com>
> -----Original Message-----
> From: owner-cryptography@metzdowd.com
> [mailto:owner-cryptography@metzdowd.com]On Behalf Of Aaron Whitehouse
> Sent: Saturday, October 23, 2004 1:58 AM
> To: Ian Grigg
> Cc: cryptography@metzdowd.com
> Subject: Re: Financial identity is *dangerous*? (was re: Fake=20
> companies,
> real money)
>=20
>=20
>=20
>=20
> Ian Grigg wrote:
>=20
> > James A. Donald wrote:
> >
> >>> we already have the answer, and have had it for a decade:=20
> store it=20
> >>> on a trusted machine. Just say no to Windows XP. It's easy,=20
> >>> especially when he's storing a bearer bond worth a car.
> >>
> >>
> >>
> >> What machine, attached to a network, using a web browser,=20
> and sending=20
> >> and receiving mail, would you trust?=20
> >
> >
> >
> > None. But a machine that had one purpose in life:
> > to manage the bearer bond, that could be trusted
> > to a reasonable degree. The trick is to stop
> > thinking of the machine as a general purpose
> > computer and think of it as a platform for one
> > single application. Then secure that machine/OS/
> > stack/application combination.
> >
> > Oh, and make it small enough to fit in the pocket,
> > put a display *and* a keypad on it, and tell the
> > user not to lose it.
> >
> > iang
>=20
> How much difference is there, practically, between this and using a=20
> smartcard credit card in an external reader with a keypad? Aside from=20
> the weight of the 'computer' in your pocket...
>=20
> That would seem to me a more realistic expectation on=20
> consumers who are=20
> going to have, before too long, credit cards that fit that=20
> description=20
> and quite possibly the readers to go with them.
>=20
> Aaron
If we're going to insist on dedicated, trusted, physical=20
devices for these bearer bonds, then how is this different
than what Chaum proposed over 15 years ago?=20
If you just add a requirment for face to face transactions,
then I already have one of these - its called a wallet
containing cash.
Peter
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
