[17909] in cryptography@c2.net mail archive
Re: the limits of crypto and authentication
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Jul 15 14:06:08 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 15 Jul 2005 12:18:20 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Florian Weimer <fw@deneb.enyo.de>,
"Steven M. Bellovin" <smb@cs.columbia.edu>, cryptography@metzdowd.com
In-Reply-To: <87mzorsv6q.fsf@snark.piermont.com>
Perry E. Metzger wrote:
> Ben Laurie <ben@algroup.co.uk> writes:
>
>>Perry E. Metzger wrote:
>>
>>>Anonymity is a concern to me, too, but I suspect that it is hard to
>>>get anonymity in a credit card transaction using current means, even
>>>if the merchant isn't online. Pseudonymity, perhaps.
>>
>>Can we not aim higher than merely doing as badly as current systems do?
>
>
> I think that by eliminating the need for a merchant to learn
> information about your identity I have aimed higher. Given that we're
> talking about credit instruments, however, it may be difficult to
> eliminate the need for the issuer to track transactions. However,
> given the way I've described the protocol, it would be possible to use
> a variant on it for digital cash purses without the merchant being
> impacted. It isn't clear to me, though, who would issue such things in
> the current environment.
You never know who might do stuff if its easy for them to do so. Make it
hard, and you can be more confident they won't.
But I'm glad to hear we're not in opposition on this.
Cheers,
Ben.
--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
