[688] in WWW Security List Archive
Re: Hidden Agenda
daemon@ATHENA.MIT.EDU (Taher ElGamal)
Wed May 10 18:59:26 1995
Date: Wed, 10 May 1995 11:42:32 -0700
To: Mark H Linehan/Watson/IBM Research <linehan@watson.ibm.com>,
www-security <www-security@ns2.rutgers.edu>
From: elgamal@netscape.com (Taher ElGamal)
Errors-To: owner-www-security@ns2.rutgers.edu
At 01:03 PM 5/10/95, Mark H Linehan/Watson/IBM Research wrote:
>A colleague of mine asks that I post the following additional point regarding
>one of the key design issues for iKP, just to make it clear that there is
>nothing hidden: "most US people do not realize that for a payment system to
>make it it must be exportable.
>SSL and SHTTP are not unless you castrate
That is not true in general. It depends how you use them.
>them. This is why iKP was designed the way it was. It leaves privacy of the
>order up to SSL/SHTTP to stay clear of export issues, but it secures privacy of
>the PIN and payment info with strong crypto wrapped in a snap-in component that
>can be used only for payment and is thus exportable (BTW we already have the OK
>from NSA and DoC in principle)."
>
>-------------------------------------------------------------------------------
The real reason why an payment protocol is needed is that it is a 3-way
protocol -- SSL and SHTTP cannot do that. Export is a separate deal.
>Mark H. Linehan
>IBM T. J. Watson Research Center, Hawthorne, New York
>linehan@watson.ibm.com; LINEHAN at WATSON
>http://w3.watson.ibm.com/~linehan/home.html (inside IBM only)
>(914) 784-7860; 8-863-7860; fax (914) 784-7484
>
>
Taher Elgamal
Chief Scientist
Netscape Communications Corp.
501 E Middlefield Road, Mountain View Ca 94043.
(415) 528 2898 (Tel)
(415) 528 4122 (Fax)
elgamal@netscape.com
