non-repudiation, was Re: crypto flaw in secure mail standards
Lynn.Wheeler at firstdata.com
Lynn.Wheeler at firstdata.com
Mon Jul 9 13:02:49 EDT 2001
for a fuller discussion of SSL & SET discussion ... set x9a10 mailing list
archives
http://lists.commerce.net/archives/ansi-epay/199905/maillist.html
the above has the postings in reverse cronological order.
but, basically the bottom line is that there are a number of merchant
credit card business process that require the merchant to have the PAN (or
merchant credit card stuff doesn't work).
specific posting (from somebody at visa):
http://lists.commerce.net/archives/ansi-epay/199905/msg00009.html
Eric Rescorla <ekr at speedy.rtfm.com>@rtfm.com on 07/07/2001 11:54:44 AM
Please respond to EKR <ekr at rtfm.com>
Sent by: ekr at rtfm.com
To: Lynn Wheeler/CA/FDMS/FDC at FDC
cc: Greg Broiles <gbroiles at well.com>, jamesd at echeque.com, James M Galvin
<galvin at acm.org>, cryptography at wasabisystems.com,
ansi-epay at lists.commerce.net
Subject: Re: non-repudiation, was Re: crypto flaw in secure mail standards
Lynn.Wheeler at firstdata.com writes:
> one of the biggest problems that has led to most of the regulations is
the
> ease that account-number harvesting can occur and then the account number
> used in fraudulent, non-authenticated transactions. The SET-like
protocols
> didn't address this issue.
How so? In at least one mode, SET denied the merchant the PAN.
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list