Financial identity is *dangerous*? (was re: Fake companies, real money)
Trei, Peter
ptrei at rsasecurity.com
Mon Oct 25 09:30:50 EDT 2004
> -----Original Message-----
> From: owner-cryptography at metzdowd.com
> [mailto:owner-cryptography at metzdowd.com]On Behalf Of Aaron Whitehouse
> Sent: Saturday, October 23, 2004 1:58 AM
> To: Ian Grigg
> Cc: cryptography at metzdowd.com
> Subject: Re: Financial identity is *dangerous*? (was re: Fake
> companies,
> real money)
>
>
>
>
> Ian Grigg wrote:
>
> > James A. Donald wrote:
> >
> >>> we already have the answer, and have had it for a decade:
> store it
> >>> on a trusted machine. Just say no to Windows XP. It's easy,
> >>> especially when he's storing a bearer bond worth a car.
> >>
> >>
> >>
> >> What machine, attached to a network, using a web browser,
> and sending
> >> and receiving mail, would you trust?
> >
> >
> >
> > None. But a machine that had one purpose in life:
> > to manage the bearer bond, that could be trusted
> > to a reasonable degree. The trick is to stop
> > thinking of the machine as a general purpose
> > computer and think of it as a platform for one
> > single application. Then secure that machine/OS/
> > stack/application combination.
> >
> > Oh, and make it small enough to fit in the pocket,
> > put a display *and* a keypad on it, and tell the
> > user not to lose it.
> >
> > iang
>
> How much difference is there, practically, between this and using a
> smartcard credit card in an external reader with a keypad? Aside from
> the weight of the 'computer' in your pocket...
>
> That would seem to me a more realistic expectation on
> consumers who are
> going to have, before too long, credit cards that fit that
> description
> and quite possibly the readers to go with them.
>
> Aaron
If we're going to insist on dedicated, trusted, physical
devices for these bearer bonds, then how is this different
than what Chaum proposed over 15 years ago?
If you just add a requirment for face to face transactions,
then I already have one of these - its called a wallet
containing cash.
Peter
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list