Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]

Ian Brown I.Brown at cs.ucl.ac.uk
Mon Sep 16 18:55:27 EDT 2002


> At 06:45 PM 9/16/2002 +0000, David Wagner wrote:
> A banking application
> is a great example where the user's and the bank's interests are aligned,

Not when it comes to liability for disputed transactions... I don't know
about other countries, but UK banks tend to put statements such as "Our
records of transactions shall be conclusive unless the user can prove
otherwise" in online terms and conditions:
http://elj.warwick.ac.uk/jilt/00-3/bohm.html

Not to mention using symmetric rather than asymmetric crypto to authenticate
specific instructions from the user, in one place where you *really* don't
want someone in control of the relevant bank system to be able to forge
instructions.

Relevance to the Pd debate is that banks may in future insist on remote
attestation of users' software (however practically possible that is) so
that they can attempt to dump yet more liability on their users ("Ladies and
gentlemen of the jury, Mr Doe's claim that he did not authorise this
transfer to a Caribbean account is obviously fraudulent as his Fritz chip
proved to us that his system had not been compromised"...)

Ian.
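
Added example, not part of the original message: a sketch of why a symmetric tag on a payment instruction is weaker dispute evidence than a signature. The instruction strings and function names are hypothetical, and a Lamport one-time signature stands in for "asymmetric crypto" only because it needs nothing beyond the Python standard library.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def mac_tag(shared_key: bytes, instruction: bytes) -> bytes:
    # Symmetric: whoever can verify this tag can also create it.
    return hmac.new(shared_key, instruction, hashlib.sha256).digest()

def msg_bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature (assumption: stand-in for the bank's real
# asymmetric scheme). One key pair may sign exactly one instruction.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list:
    # Reveal one secret preimage per bit of the message digest.
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))

def dispute_evidence() -> dict:
    genuine = b"pay 50 GBP to account 11111111"      # constructed sample
    disputed = b"pay 5000 GBP to account 99999999"   # constructed sample

    shared = secrets.token_bytes(32)                 # held by user AND bank
    bank_made = mac_tag(shared, disputed)            # computed without the user
    user_would_make = mac_tag(shared, disputed)

    sk, pk = keygen()                                # sk never leaves the user
    sig = sign(sk, genuine)
    return {
        # An arbiter cannot tell which key holder produced the MAC.
        "mac_tags_indistinguishable": hmac.compare_digest(bank_made, user_would_make),
        "signature_valid_for_genuine": verify(pk, genuine, sig),
        # The bank holds only pk; the genuine signature does not transfer.
        "signature_reused_on_disputed": verify(pk, disputed, sig),
    }

if __name__ == "__main__":
    for name, value in dispute_evidence().items():
        print(name, value)
```
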


