the limits of crypto and authentication

Perry E. Metzger perry at piermont.com
Tue Jul 12 13:24:42 EDT 2005


Ben Laurie <ben at algroup.co.uk> writes:
>>>Not entirely clear what you mean by the "issuing bank" here, but I'm
>>>hoping you don't mean that the bank issues the device - that would be
>>>very tedious.
>>
>> Tedium is something that computers do very well. They don't care
>> about how much work they have to do. The only issue is whether we
>> induce too many serialized public key operations, and thus too much
>> delay.
>
> Sure, but multiple physical devices aren't my computer's problem,
> they're my problem.

Ah, I see what you mean.

Sadly, I don't think there is much to be done about that, but I think
that (personally) I'd only end up with two of the things. If they can
be made credit card sized, I don't see this as worse than what I have
to carry now.

>>>This would preclude, for example, offline transactions.
>> We used to live in an era where offline transactions were
>> important. Now that you can get online literally anywhere, and now
>> that merchants pretty much are required to check card validity and
>> funds availability online anyway, that's no longer an interesting
>> concern. I can't think of the last time I was involved in an offline
>> transaction -- even folks at street fairs can now afford GPRS and
>> similar communications for their veriphone (and similar) units.
>
> There are reasons to want to do offline transactions and to not have
> intermediaries that go beyond mere connectivity. Anonymity being the
> one of most concern to me, but I'll wager there are others.

Anonymity is a concern to me, too, but I suspect that it is hard to
get anonymity in a credit card transaction using current means, even
if the merchant isn't online. Pseudonymity, perhaps.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list