Newsletter Internetwk: InternetWeek Newsletter - Nov. 25

Robert Hettinga rah at shipwright.com
Wed Nov 26 09:57:02 PST 1997




--- begin forwarded text


To: dcsb at ai.mit.edu
Subject: Newsletter Internetwk: InternetWeek Newsletter - Nov. 25
Date: Tue, 25 Nov 1997 08:01:13 -0500
From: "Eric S. Johansson" <esj at harvee.billerica.ma.us>
Sender: bounce-dcsb at ai.mit.edu
Precedence: bulk
Reply-To: "Eric S. Johansson" <esj at harvee.billerica.ma.us>


------- Forwarded Message

That Ain't No Standard Spec

It looks like SET may have run out of breath before even
leaving the starting gate. Despite a dogged insistence by
its sponsors that the 6-month-old Secure Electronic
Transactions specification is essential to the growth
of Internet commerce, the technology's creators cannot
point to one operational deployment.

And with good reason, apparently. The two main
beneficiaries of the technology--merchants and banks--say
the technology is severely flawed. They say compliance with
the spec does not guarantee compatibility across
vendor implementations. They further charge that SET is too
complex to integrate cleanly with legacy transaction
systems. In short, they say, the standard is not a standard
at all.

"It's an enormously complex technology that's flawed from
the bottom up," according to Aberdeen Group analyst Chris
Stevens. "The only people who are interested in it are the
credit card associations, analysts, the press, Hewlett-
Packard and IBM."

Two of SET's inventors, Hewlett-Packard's VeriFone division
and IBM, all but admitted SET's shortcomings earlier this
month when they announced a program to ensure that their
SET 1.0-enabled products are interoperable.

The results will be published in a reference guide for
developers. But SET products are supposed to be
interoperable by definition, according to the
published spec. Other features of the spec are
confidentiality of information, integrity of data, card
holder account authentication and merchant authentication.

The preliminary 0.0 version of the spec has been extended
to February of next year so retailers can work with a more
tested version through the Christmas season. Version 2.0 is
already in the works for release late next year.

As a result of the glitches, the sponsors of the
initiative, mainly the credit card issuers and E-commerce
software vendors, are loosening their definition of a
standard. "In the SET 1.0 specification, we tried to be as
precise as possible, but any specification is open to
interpretation," said Steve Mott, MasterCard's senior vice
president for E-commerce. "The marketplace will determine
if it's a standard."

Mott acknowledged that the root of SET's troubles is its
complexity. SET relies on a three-tier architecture-the
client wallet, the merchant server and the gateway to
processing banks. Not only does each tier have to exchange
transaction data, but it must be able to do so with
software developed by different vendors. Moreover, as a
certificate-based system, SET requires the management of
digital certificates for millions of merchants and
consumers.

All of this has left the banking industry holding the ball.
"There are a lot of operational issues left unresolved,
like the problem of integrating SET and a new level of
certificate information with the banks' legacy systems,"
said Stephanie Denny, until recently the vice president and
director of marketing for Bank of America's credit card
unit. By Matthew Friedman

http://techweb.cmp.com/internetwk/news/news1124-1.htm

*************************

- -------------------------------------------------------
Copyright 1997 CMP Media Inc. a service of InternetWeek.
- -------------------------------------------------------
Distributed by Email Publishing Inc. - http://www.emailpub.com

------- End of Forwarded Message



For help on using this list (especially unsubscribing), send a message to
"dcsb-request at ai.mit.edu" with one line of text: "help".

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>








More information about the cypherpunks-legacy mailing list