non-repudiation, was Re: crypto flaw in secure mail standards

Lynn.Wheeler at firstdata.com Lynn.Wheeler at firstdata.com
Mon Jul 9 13:02:49 EDT 2001


for a fuller discussion of SSL & SET discussion ... set x9a10 mailing list
archives

http://lists.commerce.net/archives/ansi-epay/199905/maillist.html

the above has the postings in reverse cronological order.

but, basically the bottom line is that there are a number of merchant
credit card business process that require the merchant to have the PAN (or
merchant credit card stuff doesn't work).

specific posting (from somebody at visa):

http://lists.commerce.net/archives/ansi-epay/199905/msg00009.html







Eric Rescorla <ekr at speedy.rtfm.com>@rtfm.com on 07/07/2001 11:54:44 AM

Please respond to EKR <ekr at rtfm.com>

Sent by:  ekr at rtfm.com


To:   Lynn Wheeler/CA/FDMS/FDC at FDC
cc:   Greg Broiles <gbroiles at well.com>, jamesd at echeque.com, James M Galvin
      <galvin at acm.org>, cryptography at wasabisystems.com,
      ansi-epay at lists.commerce.net
Subject:  Re: non-repudiation, was Re: crypto flaw in secure mail standards


Lynn.Wheeler at firstdata.com writes:
> one of the biggest problems that has led to most of the regulations is
the
> ease that account-number harvesting can occur and then the account number
> used in fraudulent, non-authenticated transactions. The SET-like
protocols
> didn't address this issue.
How so? In at least one mode, SET denied the merchant the PAN.

-Ekr

--
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list