Is cryptography where security took the wrong branch?
Joseph Ashwood
ashwood at msn.com
Tue Sep 9 20:07:21 EDT 2003
Now that the waters have been muddied (by several of us). My point was that
3D-Secure (and SET and whatever else comes along) covers a different
position in the system than SSL does (or can). As such they do have a
purpose, even though they may be horribly bloated and nearly non-functional.
Visa at least seems to be supporting the 3D-Secure concept (they should,
they developed it), and looks like anyone can grab the spec from
http://international.visa.com/fb/paytech/secure/main.jsp . SET seems to be a
bit more elusive, although still available from
http://www.mastercardintl.com/newtechnology/set/ . Mastercard SecureCode
appears to be the current direction for MasterCard it's available at
http://www.mastercardmerchant.com/securecode/ . All of these differ in
target from SSL in the same way, they are designed to address the
Buyer-Issuer link (although some not as simply as others, e.g. SET). And yes
I am using a much simplified view of the credit card transaction, with only
3 (buyer, seller, issuer) parties instead of the absurd number actually
present in a real transaction (buyer seller, issuer, accepter, processor,
central card distributor, plus whoever I missed), I did this for clarity.
Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list