Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Rich Salz@osf.org (1188)
You must trust something. You folks trust the telephone (never gets tapped, right) the postal service (of course mail never gets stolen) banks or credit card companies (which never have problems). And then, on top of that foundation of sand you build a commerce system with MIME and SMTP (sendmail is the most bugfree program ever written).
I certainly don't trust the telephone not to be tapped on an individual basis. I used to trust the telephone not to be tapped in a selective way based on keyword recognition, but in recent years, with the improvement in voice recognition technology, I have stopped trusting it that way, and I know plenty of other people have too -- if you say "NSA" into a cellular call, you are probably inviting an eavesdropper. The Internet environment is EVEN LESS trustable. Installing the kind of general phone tap I just mentioned is very hard to do, and requires a level of access that is almost impossible unless you're the phone company or the government. The level of software needed to recognize spoken keywords is quite sophisticated. On the Internet, almost anyone can tap data streams, and almost anyone can install keyboard sniffers on user machines, and the level of software needed to recognize keywords in ASCII is very simple. The risk models are very different. Similarly, we trust the postal service and certain uses of email not to be free of any insecurities, but to be hard to defeat in a large scale automated way. That kind of statistical risk is the foundation of the security of the credit card system -- not perfect security, but bounding of individual risks and preclusion of large-scale attacks.
Stef's blatant attempts to ensure MIME's use in IETF-PAY was not an exception, but the first salvo.
I have no idea what you're talking about here.
You make me sorry I invented safe-tcl and made FV possible.
I *really* have no idea what you're talking about here. There are two ideas here that strike me as delusional: that you invented safe-tcl and that safe-tcl made FV possible. To the best of my knowledge, neither of these is true. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com