[704] in WWW Security List Archive
HP e-commerce protocol
daemon@ATHENA.MIT.EDU (hugo@watson.ibm.com)
Tue May 16 16:35:08 1995
From: hugo@watson.ibm.com
Date: Tue, 16 May 95 13:06:39 EDT
To: wenbo@wenbomao.hpl.hp.com, hfinney@shell.portal.com
cc: vishnu%cuckoo.hpl.hp.com@hplb.hpl.hp.com, e-payment@cc.bellcore.com,
owner-www-security@ns2rutgers.edu, www-security@ns2.rutgers.edu,
www-buyinfo@allegra.att.com, ssl-talk@netscape.com,
linehan@watson.ibm.com
Errors-To: owner-www-security@ns2.rutgers.edu
Ref: Your note of Tue, 16 May 95 17:18:34 BST
In response to notes by Wenbo and Hal Finney let me just point out to
minimal changes to 3KP that will provide a "CA-less" solution.
Just take away from the protocol any mentioning of certificates (denoted
$CERT_C , CERT_M , CERT_A$).
Assume now that the financial institution (e.g, the acquirer or issuer bank)
keeps a database of users and their corresponding public keys (users may be
customers or merchants), as in the case of the HP protocol.
Take away the sending of merchant's signature to the customer.
What you get is a CA-less protocol with all the properties claimed in
the HP-protocol.
I guess, this is what Hal calls an "intermediate step between 1KP and 3KP".
As for efficiency comparison with the HP protocol, the above CA-less 3KP
protocol, requires less exponentiations, less interaction between the
parties (at least flow 6 of HP is not needed as well as the extra flow from
M to F described in the bottom of page 8 of the HP paper), and it
does not require additional tickets "a la Kerberos".
Hugo
PS: Unfortunately, I am living for a 10 day trip on Thursday, so I will
not be able to keep myself in this (important) discussion.
