On Tue, 13 Jun 2000, Douglas [iso-8859-1] Wikström wrote:
> What you are saying is that I am free to buy stuff on the internet,
> sending the seller my creditcard number, and then tell the Bank it was
> not me. Given the following attack scenario I cant believe that is the
> case:
>
Yup. If you are using a stolen credit card number it happens every day in
the physical world. If you use your own credit card number and say you
didn't get the merchandise, then the merchant can track the delivery
receipt through the courier. This would land you in an upcoming edition
of "Dumb crook news". ;-)
If what you bought was bytes of intellectual property, then the marginal
cost to the merchant is zero below a certain percentage of loss before it
threatens the foundation of the economic payment system.
Bottom line, at a certain level of pain one of two scenarios will happen:
1. Banks will swallow the cost of implementing certs because it is
economically profitable to do so.
2. The current model of Web commerce with credit cards will collapse, to
be replaced by some other model.
The market for CA's is not and never will be a one size fits all market.
What markets do others on the list think will become a viable market for
CA's in the near term, 1-2 years, and medium term, 5 years?
Cheers:
-arc
Arley Carter [EMAIL PROTECTED]
Tradewinds Technologies, Inc. www.twinds.com
Winston-Salem, NC USA Network Engineering & Security
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
