[9900] in cryptography@c2.net mail archive


Re: VISA: All Your Password Are Belong to Us

daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Tue Dec 4 03:43:42 2001

Message-ID: <010801c17c9d$e2502f20$0200000a@fechk.local>
Reply-To: "Enzo Michelangeli" <em@em.no-ip.com>
From: "Enzo Michelangeli" <em@who.net>
To: "Richard Guy Briggs" <rgb@conscoop.ottawa.on.ca>
Cc: <cryptography@wasabisystems.com>
Date: Tue, 4 Dec 2001 16:30:02 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

----- Original Message -----
From: "Richard Guy Briggs" <rgb@conscoop.ottawa.on.ca>
To: "Enzo Michelangeli" <em@em.no-ip.com>
Cc: "John R. Levine" <johnl@iecc.com>; <cryptography@wasabisystems.com>
Sent: Tuesday, December 04, 2001 6:18 PM
Subject: Re: VISA: All Your Password Are Belong to Us


[...]
> So if I understand this correctly, if I am running a client, for which
> there is no plugin, I am screwed?  This seems pretty limiting.

The plugin is a piece of software that runs on the merchant server, not on
the client (buyer's browser). Of course, this represents a pain in the neck
for the merchants, as they'll have to buy and install such a plugin...

Unless, of course, the payment protocol is designed in such a way that the
card number is passed directly by the buyer's browser to a payment gateway
managed by the acquirer or a third-party processor: in that case a single
plugin will be shared among many merchants. That would be a good_thing
anyway to reduce the risk of theft of card numbers from misconfigured or
ill-protected merchant servers, but I suspect that the software vendors
selling plugins won't like it much ;-)

Enzo





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
