At 11:26 1/22/96, Bryce wrote:
What kind of performance hit does this new encryption entail? (No additional performance hit if SSL does it, I know.)
Very little.
Are you considering having different protocols for SSL-protected transactions versus unprotected ones?
It isn't just an issue of SSL vs. unprotected. The new Ecash API that DigiCash is jointly designing with developers, will support two basic levels of operation. The first is similar to today's Ecash software. The client handles the transport. The second just generates the messages. Your application is responsible for getting them to where they should go. Presumably securely.
Let me repeat something I said a couple of weeks ago: I suspect that the weakest point in DigiCash security is on the end-user's own harddrive. A malicious cracker could write a Trojan horse or even a virus which would steal the user's coins and send them to himself.
Given the amounts likely to be found on a drive, I doubt it would be worth the effort. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.