Difference between TCPA-Hardware and other forms of trust

bear bear at sonic.net
Mon Dec 22 19:26:39 EST 2003 


On Sat, 20 Dec 2003, Ian Grigg wrote:

>Bill Frantz wrote:
>
>> [I always considered the biggest contribution from Mondex was the idea of
>> deposit-only purses, which might reduce the incentive to rob late-night
>> business.]
>
>...
>
>The first smart card money system in the Netherlands
>was a service-station system for selling fuel to
>truck drivers.  As security costs kept on rising,
>due to constant hold-ups, the smart card system
>was put in to create stations that had no money
>on hand, so no need for guards or even tellers.
>
>This absence of night time staff created a great
>cost saving, and the programme was a big success.
>Unfortunately, the early lessons were lost as time
>went on, and attention switched from single-purpose
>to multi-purpose applications.

This underscores an important point.  In security
applications limitations are often a feature rather
than a bug.  We are accustomed to making things better
by making them able to do more; but in some spaces
it's actually better to use a solution that can do
very little.

Much of the current security/cryptography angst can
be summed up as "small, limited, simple systems work,
but big, complex, general systems are very hard to
get right or have unintended drawbacks."  Often the
very generality of such systems is a barrier to their
wide adoption.

I would say that if you want to make any money in
cryptography and security (and make it honestly) you
should pick one business application, with one threat
model and one business model, and nail it.  Add no
features, nor even include any room in your design,
that don't directly address *that* problem.  When
you are able to present people with a solution to
one problem, which has no requirement of further
involvement than solving that one problem and introduces
no risks or interactions other than those flatly necessary
to solve that one problem, then they'll pay for it.

But when we start talking about multi-function cards,
it becomes a tradeoff where I can't get anything I want
without getting things I don't want or risking network
effects that will lead to markets dominated by business
models I don't want to deal with.  It makes the buy
decision complicated and fraught with risk.

			Bear


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list