[9901] in cryptography@c2.net mail archive
No subject found in mail header
daemon@ATHENA.MIT.EDU (Richard Guy Briggs)
Tue Dec 4 04:34:23 2001
Date: Tue, 4 Dec 2001 06:05:19 -0500
From: Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
To: cryptography@wasabisystems.com
Message-ID: <20011204060519.C29844@grendel.conscoop.ottawa.on.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00e101c17c95$cdc07cc0$0200000a@fechk.local>; from em@who.net on Tue, Dec 04, 2001 at 03:32:04PM +0800
On Tue, Dec 04, 2001 at 03:32:04PM +0800, Enzo Michelangeli wrote:
> Actually, the authentication is not performed by Visa, but by the issuer
> (the member bank that has issued the card). Visa only manages a directory
> server where the merchant's plugin looks up the first six digits of the card
> number (a.k.a. the "issuer BIN") and finds the URL of the "Issuer
> Authentication Control Server". The merchant plugin then redirects the
> buyer's browser to that server, which in turn authenticates the buyer in any
> way it deems fit (normally, a password or PIN). Visa, merchant and acquiring
> bank are all out of the authentication loop: the process only involves
> issuer and cardholder.
>
> If the authentication is successful, the Issuer ACS certifies the card
> number (basically, signing it) and redirects the browser to the merchant's
> plugin, which verifies the issuer's signature (through a Visa-issued root
> cert) and proceeds. Only then it the transaction submitted for
> authorization.
So if I understand this correctly, if I am running a client, for which
there is no plugin, I am screwed? This seems pretty limiting.
> Enzo
slainte mhath, RGB
--
Richard Guy Briggs -- ~\ Auto-Free Ottawa! Canada
<www.TriColour.net> -- \@ @ <www.flora.org/afo/>
No Internet Wiretapping! -- _\\/\%___\\/\% Vote! -- <Green.ca>
<www.FreeSWAN.org>_______GTVS6#790__(*)_______(*)(*)_______<www.Marillion.com>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
