the limits of crypto and authentication
Aram Perez
aramperez at mac.com
Thu Jul 14 10:59:16 EDT 2005
On Jul 14, 2005, at 6:23 AM, Perry E. Metzger wrote:
> Rich Salz <rsalz at datapower.com> writes:
>
>>> I think that by eliminating the need for a merchant to learn
>>> information about your identity I have aimed higher. Given that
>>> we're
>>> talking about credit instruments,
>>
>> Wasn't that a goal of SET?
>
> Some of it was, yah. I don't claim that any of this is original. The
> problem with SET was that the protocol was far too complicated to
> implement (hell, the spec was nearly too heavy to lift), and it was
> proposed well before people even had USB connectors on their
> computers, let alone cheap USB card interfaces. I think people threw
> out the baby with the bathwater, though. The general idea was correct.
While the SET protocol was complicated, it's failure had nothing to
do with that fact or the lack of USB on PCs. You could buy libraries
that implemented the protocol and the protocol did not require USB.
IMO, the failure had to do with time-to-market factors. In the late
90s, when ecommerce was just at it's infancy and you took the risk of
setting up a web store, were you going to wait you could integrate a
SET toolkit into you web site and until your customers had SET
wallets installed on their PCs before selling a product? Or were you
going to sell to anyone who used a web browser that supported SSL? It
was very simple economics, even if you had to pay VeriSign $400 for
your SSL certificate and pay Visa/MasterCard a higher fee.
Respectfully,
Aram Perez
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list