[17826] in cryptography@c2.net mail archive

Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 12 13:27:08 2005

X-Original-To: cryptography@metzdowd.com
To: Ben Laurie <ben@algroup.co.uk>
Cc: Florian Weimer <fw@deneb.enyo.de>,
	"Steven M. Bellovin" <smb@cs.columbia.edu>, cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Jul 2005 13:24:42 -0400
In-Reply-To: <42D3FC2C.2080709@algroup.co.uk> (Ben Laurie's message of "Tue,
 12 Jul 2005 18:21:48 +0100")


Ben Laurie <ben@algroup.co.uk> writes:
>>>Not entirely clear what you mean by the "issuing bank" here, but I'm
>>>hoping you don't mean that the bank issues the device - that would be
>>>very tedious.
>>
>> Tedium is something that computers do very well. They don't care
>> about how much work they have to do. The only issue is whether we
>> induce too many serialized public key operations, and thus too much
>> delay.
>
> Sure, but multiple physical devices aren't my computer's problem,
> they're my problem.

Ah, I see what you mean.

Sadly, I don't think there is much to be done about that, but I think
that (personally) I'd only end up with two of the things. If they can
be made credit card sized, I don't see this as worse than what I have
to carry now.

>>>This would preclude, for example, offline transactions.
>> We used to live in an era where offline transactions were
>> important. Now that you can get online literally anywhere, and now
>> that merchants pretty much are required to check card validity and
>> funds availability online anyway, that's no longer an interesting
>> concern. I can't think of the last time I was involved in an offline
>> transaction -- even folks at street fairs can now afford GPRS and
>> similar communications for their veriphone (and similar) units.
>
> There are reasons to want to do offline transactions and to not have
> intermediaries that go beyond mere connectivity. Anonymity being the
> one of most concern to me, but I'll wager there are others.

Anonymity is a concern to me, too, but I suspect that it is hard to
get anonymity in a credit card transaction using current means, even
if the merchant isn't online. Pseudonymity, perhaps.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com