-----BEGIN PGP SIGNED MESSAGE----- At 11:22 am -0500 on 11/12/97, Doug_Tygar@cs.cmu.edu wrote:
Actually, I did not claim to break SET. What I said was:
(a) because SET is such a complicated protocol, I am certain that it does have flaws; (b) SET does not have a clear design philosophy -- for example, it has modes in which a consumer's credit card number is hidden from a merchant and modes when it is given to a merchant. These ambiguous design points in the protocol make the protocol vulnerable to misuse.
I have not made a serious effort to crack SET, yet.
Great. Thanks. Looking forward to seeing what you get. Personally, I'm becoming convinced that SET is practically Ptolmaic in it's complexity. You can get money from point A to point B, but you have to go through a lot of epicycles to get there. Transactional shovelware, maybe. Not unlike a lot of digital signature legislation out there. Unfortunately, I think that no MIS manager will get fired for using SET, and it'll take a serious demonstration of a security breach before people will listen to anything else. At least until someone demonstrates a transaction protocol which is, say 3 orders of magnitude cheaper... Cheers, Bob Hettinga -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.5 iQEVAwUBNGngp8UCGwxmWcHhAQE5bgf7B2yJ8ry6J+YeTe6K3uCTrXV5CdPYDy55 AGULzPsjkmc66HeVl8A65vlQ05mzKso2Y/AXE1KlnWDD6OiuppefHbCS1iOb6K6n 1ZE2B+EWPfwElakspqHQAH6y/RvduvJuQKtbjIrs9Hq0DAg6SurPdAGDrUrI/3QW sVKgnNXRf2PKO1Nv4Lmbobm4fYhySbkLaevVv8mFfoKLC5/B0TC9xERiYLK0g8pj y86gK09ZorPnZ/vqba7vUufPKd9lrQ7AV9OYjdaV/EYNGx2hR7QBBe5LyjIsCuEb Infx5yB7hckVyz6iEbJFfF9qacDN19iA15XuyNqS2IweX8htf60ggw== =mObY -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/ Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>