Crypto Winter (Re: Looking back ten years: Another Cypherpunks failure)

lynn.wheeler at firstdata.com
Sun Jan 27 17:53:58 EST 2002


the straight-forward mapping of credit card payment to the internet used
"MOTO" business process (mail order/telephone order, aka existing
non-face-to-face operation) to handle poorly authenticated transactions.
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3


the financial industries standard work on that was basically to provide
authenticated transaction using digital signatures to all electronic
payment transactions .... with the requirement given the standards group
"to preserve the integrity of the financial infrastructure" ... aka the
x9.59 work applies to credit transactions, debit transactions, ach
transactions, gift card transactions, etc. and applicable to all
environments (internet, non-internet, point-of-sale, etc)

An x9.59 issue is that it removes the requirement for name associated with
the transaction. This meets an EU requirement that at the point-of-sale, an
electronic transaction should be as anonymous as cash.

The claim then is the x9.59 work is privacy neutral .... aka identification
is removed from the transaction. To the extent there is any identification
involved .... it is in mapping individuals to accounts. Gift cards don't
have mapping of individuals to accounts ... and x9.59 would neither
increase nor decrease the anonymity of gift cards. Gift cards are
typically processed with the same point-of-sale terminal as existing
debit/credit cards and at least initially typically flow thru the same
network. That means that the current webserver based use of credit cards
.... flows into the same network that debit and gift cards flow into. The
issue isn't the mechanics of enabling debit and gift cards for internet
webserver use .... the issue is providing authentication in an "open &
insecure" network (the internet) compared to closed/secure network that the
point-of-sale terminals directly connect into. X9.59 is defined to provide
such authentication in a secure manner across all payment transactions.

With respect to credit &/or debit accounts, again X9.59 neither increases
nor decreases the anonymity of those accounts; to the degree that
particular institutions allow anonymity associated with such accounts ...
x9.59 then is privacy neutral in the protocol.

so the issue here is that the bits and pieces of privacy-enhanced payment
transactions already exist and have for some time. a new one doesn't really
need to be invented; the basic issue is really the technology needed to
transition some of these existing privacy-enhanced payment transactions
from closed network to an open network environment.

misc. refs:
http://www.garlic.com/~lynn/index.html#x959
http://www.garlic.com/~lynn/subtopic.html#privacy




raw at shipwright.com on 1/27/2002 12:08 pm forwarded:



On Saturday, January 26, 2002, at 09:55  PM, Dr. Evil wrote:

> We know that some kind of privacy-enhanced payment system has been one
> of the long-time c'punk goals, probably for at least ten years.  We
> know that we are probably further away from having that be a reality
> than we were ten years ago.  This is excusable; the obstacles are
> enormous.  You need a lot of people to use it before it's useful, and
> there are all kinds of regulatory problems.  And there are a whole
> list of other problems, too.






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
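
An added example, not part of the original message and not the X9.59 format: a Go sketch of the idea discussed above, where a payment carries an account reference and a digital signature but no name, and the account-holding institution checks the signature against a key on file. The field layout, the nonce, the key-per-account registration and all names and values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Payment is a constructed layout (assumption): an account reference, no name.
type Payment struct {
	Account, Merchant, Nonce string // Nonce (assumption): unique per transaction
	Cents                    int64
}

func (p Payment) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q|%d", p.Account, p.Merchant, p.Nonce, p.Cents)))
	return h[:]
}

// Issuer is the account-holding institution. Assumption: one public key is on file per account.
type Issuer struct {
	keys map[string]*ecdsa.PublicKey
	seen map[string]bool // account/nonce pairs already accepted
}

// Authorize accepts a payment only if it is fresh and signed by the account's key.
func (i *Issuer) Authorize(p Payment, sig []byte) bool {
	pub, known := i.keys[p.Account]
	id := p.Account + "/" + p.Nonce
	if !known || i.seen[id] || !ecdsa.VerifyASN1(pub, p.digest(), sig) {
		return false
	}
	i.seen[id] = true
	return true
}

// Demo returns results for: signed payment, replay, altered amount, bare account number.
func Demo() [4]bool {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	iss := &Issuer{map[string]*ecdsa.PublicKey{"acct-0001": &priv.PublicKey}, map[string]bool{}}
	p := Payment{Account: "acct-0001", Merchant: "merchant-42", Nonce: "n-1", Cents: 1999}
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, p.digest())
	altered, bare := p, p
	altered.Cents, altered.Nonce, bare.Nonce = 999900, "n-2", "n-3"
	return [4]bool{iss.Authorize(p, sig), iss.Authorize(p, sig), iss.Authorize(altered, sig), iss.Authorize(bare, nil)}
}

func main() { fmt.Println(Demo()) }
```

Only the first call is accepted; the last case is an account number presented without a signature, which is all a poorly authenticated MOTO-style transaction supplies.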