E.g. has there been a DigiCash response to Ian Goldberg's publication of a denial-of-service attack which operates by spending a coin with the same serial number as your victim's coin? After discussing things with Ian we came up with several solutions. One is encrypting more messages (which we will do in a next revision of the protocol), the other is enabling ecash to work over ssl servers. You may not see the answer directly in the list, but you will see it in the next protocol revision.
Actually, my original suggestion was to include 'n' in the value encrypted in the bank's public key. The less we have to _rely_ on ecash-enabled apps having to do their own encryption (like SSL), the better. Of course, extra encryption is OK, too. I wonder if Dave and I will get Digicash's reward for this one... I still haven't seen anything from them (though various individuals keep promising), or from Netscape either, for that matter... [emoticon elided] - Ian "starving grad student (sigh)"