[691] in WWW Security List Archive
Re: Hidden Agenda
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Thu May 11 11:38:41 1995
To: elgamal@netscape.com (Taher ElGamal)
Cc: Mark H Linehan/Watson/IBM Research <linehan@watson.ibm.com>,
www-security <www-security@ns2.rutgers.edu>
In-Reply-To: Your message of "Wed, 10 May 1995 11:42:32 PDT."
<199505101842.LAA28802@neon.netscape.com>
Date: Thu, 11 May 1995 07:53:00 -0400
From: Amir Herzberg <amir@watson.ibm.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Taher replied thus to Mark,
> At 01:03 PM 5/10/95, Mark H Linehan/Watson/IBM Research wrote:
> >A colleague of mine asks that I post the following additional point regarding
> >one of the key design issues for iKP, just to make it clear that there is
> >nothing hidden: "most US people do not realize that for a payment system to
> >make it it must be exportable.
>
>
> >SSL and SHTTP are not unless you castrate
>
> That is not true in general. It depends how you use them.
Exactly. If SSL/SHTTP use is restricted to, say, using strong encryption only
for payment info, then quite possibly they may become exportable. iKP could
be viewed as exactly that - specifying a specific use for which strong
encryption would be possible. Of course, iKP implementation does not _have_
to be ssl/shttp based (at a later point I expect certain specific combinations
to be standardized for interoperability).
Best, Amir
p.s. discussion of iKP itself is done on e-payment@cc.bellcore.com
