Re: All our eggs in one basket?
Perry Metzger writes
What needed is a) the bank has to be able to show a third party a signed request for every transaction they've performed, and b) you have to be able to show a third party a signed (by the bank) receipt for every transaction you've performed. In other words, you are protected because the bank can't simply claim to the arbitrator "oh, he withdrew all his money yesterday" because they can't show an order. The bank is protected because you can't claim "oh, I deposited ten million dollars yesterday" if you can't show a receipt.
I'm still confused, only in a different way. Let's let I want to withdraw $10,000... 1) I send the bank a signed request to withdraw 10,000 dollars 2) The bank withdraws the money but doesn't sends it to me. I go to the arbitrator and say: "The bank cheated me!!" The bank says: "We sent you the money. Here is your withdraw request, signed by you. You are lying." ------ How can I prove that the bank did not send me the money? The withdraw protocol must somehow produce a receipt, signed by *me*, saying I receiving the money. If the bank cannot present such a receipt, then the arbitrator shouldn't believe that the bank really sent the money. Yet why would I sign a receipt before verifying that the bits the bank sent me was a valid chunk of digital money? Does this mean the bank sends me valid digital money first and I reply with a signed receipt? If so, what if I claim that the transmition failed and I didn't receive the money, but I really *did* get the money? I could then tell the bank that I changed my mind and I want them to rollback the withdraw transaction? I would walk off with a valid chuck of digital money, yet my account was not decremented. Obviously I'm still missing something. Jim_Miller@suite.com
Jim Miller says:
Perry Metzger writes
What needed is a) the bank has to be able to show a third party a signed request for every transaction they've performed, and b) you have to be able to show a third party a signed (by the bank) receipt for every transaction you've performed. In other words, you are protected because the bank can't simply claim to the arbitrator "oh, he withdrew all his money yesterday" because they can't show an order. The bank is protected because you can't claim "oh, I deposited ten million dollars yesterday" if you can't show a receipt.
I'm still confused, only in a different way. Let's let I want to withdraw $10,000...
1) I send the bank a signed request to withdraw 10,000 dollars
2) The bank withdraws the money but doesn't sends it to me.
I go to the arbitrator and say: "The bank cheated me!!"
The bank says: "We sent you the money. Here is your withdraw request, signed
by you. You are lying."
------
How can I prove that the bank did not send me the money?
You can't with the partial protocol I've described thus far, but assuming that you have to do something like signing the digital draft in order to spend it, the bank's failure to provide a signed copy of the draft with your signature demonstrates that you haven't spent the money. The arbitrator needn't care if you already got the cash -- he can order the bank to send you another copy of the draft that they sent you. I must admit that I haven't worked out the protocols for this yet, but from the sketches I've made I think a quite workable system is practical. I don't think you can cover all forms of cheating by the bank, but I think you can construct things such that if someone tries to cheat you you can prove it. Perry
participants (2)
-
jim@bilbo.suite.com -
Perry E. Metzger