Excerpts from mail.fv: 22-Sep-95 Re: first virtual "security.. Jiri Baum@sweeney.cs.mon (1560*)
financial insecurity never was a problem as long as it remains under a small %.
This is an amazing statement, Laurent.
It's not an amazing statement. As long as the cost of insecurity is less than cost of security, there's no problem.
I think the basic confusion here is precisely about the cost. The cost of having one credit card stolen is small. The cost of having millions stolen at once is *astronomical*. It really could bring down the whole credit card system, if that was the criminal's goal. My concern is about schemes in which the compromise of the cryptographic algorithms or software leads to a scenario in which one criminal steals millions of credit cards. In such a scenario, the cost of insecurity is unacceptably high.
Okay, so what's stopping you from starting right now with PGP? You could simply have that as an alternative to the current system (on a per-ID basis, ie new customers specify PGP or not).
Quite a few people both have PGP and would think well of you if you started using it.
How about "The safest Internet payment system just got safer."?
We're definitely moving in this direction. It's more complicated than you make it sound, though. Personally, I don't want to use any cryptography without an explicit, clear, policy and mechanism for key expiration and key lifetimes. The risk of key compromise is directly proportional to the key lifetime. PGP today -- which we use very heavily internal to FV -- is not well-equipped for dealing with key management issues on a scale of millions of users. Now, having said that... we're currently planning to deploy FV version 2 before the end of the year. Version 2 *will* include the first use of PGP in the FV system, but it will NOT work the way you probably expect. Stay tuned! -- Nathaniel -------- Nathaniel S. Borenstein <nsb@fv.com> | When privacy is outlawed, Chief Scientist, First Virtual Holdings | only outlaws will have privacy! FAQ & PGP key: nsb+faq@nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND! ---VIRTUAL YELLOW RIBBON-->> zldf@clark.net <http://www.netresponse.com/zldf>