At 11:18 AM 11/12/97 -0800, Jeremey Barrett you wrote:
>Robert Hettinga writes:
> >
> > Unfortunately, I think that no MIS manager will get fired for using
SET, and
> > it'll take a serious demonstration of a security breach before people will
> > listen to anything else. At least until someone demonstrates a transaction
> > protocol which is, say 3 orders of magnitude cheaper...
>
>Perhaps... OTOH, SET is SO bad that it will be impossible to deploy,
>probably forcing everyone away from it anyway.
Having spent the last ten years at this retail outfit, I can assure you
that "impossible to deploy" != "won't be deployed". If Mastercard tells us
that they will jack our rates by 0.5% for every transaction processed
without SET, then management will demand SET be rolled out. Function be
damned, security be damned, as long as some bookkeeper somewhere is
satisfied that SET happens, then we avoid a huge rate increase.
If the security of SET is questioned in the trade rags, our management's
approach will be to assume that Mastercard will fix it in the future, but
roll it out now anyway. OTOH, it's obvious (even to them) that SET
couldn't possibly be any *less* secure than current authorizing techniques.
*Sigh*. Look for copyrighted swirly red/orange logos to appear on
retailer's doors' soon:
"SET(tm) Transaction Processing --
It's safe to use your Mastercard here"
John, who will get dragged into implementing it. Got any suggestions?
--
J. Deters "Don't think of Windows programs as spaghetti code. Think
of them as 'Long sticky pasta objects in OLE sauce'."
+--------------------------------------------------------------------+
| NET: mailto:jad at dsddhc.com (work) mailto:jad at pclink.com (home) |
| PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) |
| ICBM: 44^58'36"N by 93^16'27"W Elev. ~=290m (work) |
| For my public key, send mail with the exact subject line of: |
| Subject: get pgp key |
+--------------------------------------------------------------------+