VISA: All Your Password Are Belong to Us
Enzo Michelangeli
em at who.net
Tue Dec 4 03:30:02 EST 2001
----- Original Message -----
From: "Richard Guy Briggs" <rgb at conscoop.ottawa.on.ca>
To: "Enzo Michelangeli" <em at em.no-ip.com>
Cc: "John R. Levine" <johnl at iecc.com>; <cryptography at wasabisystems.com>
Sent: Tuesday, December 04, 2001 6:18 PM
Subject: Re: VISA: All Your Password Are Belong to Us
[...]
> So if I understand this correctly, if I am running a client, for which
> there is no plugin, I am screwed? This seems pretty limiting.
The plugin is a piece of software that runs on the merchant server, not on
the client (buyer's browser). Of course, this represents a pain in the neck
for the merchants, as they'll have to buy and install such plugin...
Unless, of course, the payment protocol is designed in such a way that the
card number is passed directly by the buyer's browser to a payment gateway
managed by the acquirer or a third-party processor: in that case a single
plugin will be shared among many merchants. That would be a good_thing
anyway to reduce the risk of theft of card numbers from misconfigured or
ill-protected merchant servers, but I suspect that the software vendors
selling plugins won't like it much ;-)
Enzo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list