Fixing SSL (was Re: Dutch Transport Card Broken)

[StealthMonger]

Anne & Lynn Wheeler <lynn at garlic.com> write:

> one of my favorite exchanges from the mid-90s was somebody claiming
> that adding digital certificates to the electronic payment
> transaction infrastructure would bring it into the modern age.  my
> response was that it actually would regress the infrastructure at
> least a couple decades to the time when online, real-time
> transactions weren't being done.  The online, real-time transaction
> provides much higher quality and useful information than a stale,
> static digital certificate (with an offline paradigm from before
> modern communication).  Having an available repository about the
> party being dealt with ... including things like timely, aggregated
> information (recent transactions) is significantly mover valuable
> than the stale, static digital certificate environment (the only
> thing that it has going for it, is it is better than nothing in the
> oldtime offline environment).


> [...]

> EU had also made a statement in the mid-90s that electronic retail
> payments should be as anonymous as cash.

They can't be as "anonymous as cash" if the party being dealt with can
be identified.  And the party can be identified if the transaction is
"online, real-time".  Even if other clues are erased, there's still
traffic analysis in this case.

What the offline paradigm has going for it is the possibility of true,
untraceable anonymity through the use of anonymizing remailers and
related technologies.


 -- StealthMonger <StealthMonger at nym.panta-rhei.eu.org>

 --
   stealthmail: Scripts to hide whether you're doing email, or when,
   or with whom.  http://stealthsuite.afflictions.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com