Re: FV & PGP (was Re: First Virtual email security)
-----BEGIN PGP SIGNED MESSAGE----- James D. Wilson said:
On Thu, 15 Dec 1994 nsb@nsb.fv.com wrote:
Moreover, if we supported PGP today, we might indirectly lend credibility to what we perceive as the incorrect belief that cryptography is NECESSARY for commerce. Because we see cryptography as helpful, but not necessary, we aren't going to support PGP right away, but will probably add such support when a large enough portion of our customer base wants it and can make use of it.
Without cryptography how exactly are you going to protect my credit card numbers from sniffer-snoopers and crackers? Either you will send the credit card text in the clear, or it will be encrypted somehow. Or perhaps you will have customers call you over the phone to give you their credit card info?
I would also like to be convinced on this point. It seems that it's an either/or. Either the info is in the clear, and thus vulnerable, or it's encrypted, and safer. - ------------------------------------- Mike Ellsworth mellswor@firewall.nielsen.com I find television very educating. Every time somebody turns on the set, I go into the other room and read a book. Groucho Marx (1890-1977) I'd be foolish to speak for my employer, now, wouldn't I? - ------------------------------------- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLvJI7yoZzwIn1bdtAQEQHwGAxhCYdPFxK1leSvHJJB6uipGm1wJDPzTF h95k/mp0umUkc92T6hVccPnaKF1x47nI =PQWe -----END PGP SIGNATURE-----
Mike Ellsworth says:
James D. Wilson said:
Without cryptography how exactly are you going to protect my credit card numbers from sniffer-snoopers and crackers? Either you will send the credit card text in the clear, or it will be encrypted somehow. Or perhaps you will have customers call you over the phone to give you their credit card info?
I would also like to be convinced on this point. It seems that it's an either/or. Either the info is in the clear, and thus vulnerable, or it's encrypted, and safer.
I'm not the biggest fan on earth of the way First Virtual is running things, but you could have the decency to read what they've said before making assumptions. The answer is simple -- they never put the credit card number over the wire at all, either encrypted or unencrypted. Go off and read their documents if you want to know how that works. Perry
participants (2)
-
Mike Ellsworth -
Perry E. Metzger