[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mosaic to support digital money in September



I have only recently resubscribed to cypherpunks, so
forgive me if this is old news.
 
Enterprise Integration Technologies and friends will
enable digital money transactions in Mosaic in September
(they hope, I would guess January 1995 before it really
works.)
 
Press release follows after my commentary.
 
The transaction model has a crippled mode for people
outside the US and Canada
 
They intend that you will be able to write contracts and
internet checks on participating banks.  It is very
centralized of course, but don't whine - it is the thin
edge of the wedge.  Once American banks are on the
internet, Swiss banks will follow.
 
The model uses account based digital money.  It is overly
centralized, but it is an excellent step towards a
decentralized system of digital money.
 
The cypherpunks are experimenting with digital token based
money.  Digital token based money is damn inconvenient,
and each digital token currency requires a single
centralized server which tends to monopoly and is thus
highly vulnerable to government coercion.  Although the
server does not know which of its clients has been
transacting with which, it does know the thing that the
government is most interested in knowing - how much the
client got, and how much he spent.
 
For this reason I think decentralized account based
digital money is the best hope.
 
 
The following press release was posted on the CIS forum
INETFORUM
 
Quote begins:
__________________________________________________________-
 
#: 11559 S1/General Information  [INETFORU]                               
         14-Apr-94  04:12:28                                              
          Sb: PR:EIT/NCSA/RSA                                             
               Fm: Scott Loftesness 76703,407                             
                    To: All
 
[from an EIT/NCSA/RSA press release]             
Enterprise Integration Technologies (EIT), 
 
the National Center for Supercomputing Applications (NCSA)
at the University of Illinois
 
and 
 
RSA Data  Security 
 
have announced agreements to jointly develop and distribute
a secure version of NCSA Mosaic, the popular
point-and-click interface that enables easy access to
thousands of multimedia information services on the
Internet. The announcement was made in conjunction with the
launch of CommerceNet, a large-scale market trial of
electronic commerce on the Internet. Under the agreements,
EIT will integrate its Secure-HTTP software with public key
cryptography from RSA into NCSA Mosaic Clients and World
Wide Web (WWW) servers. WWW is a general-purpose
architecture for information retrieval comprised of
thousands of computers and servers that is available to
anyone on Internet. The enhancements will then be made
available to NCSA for widespread public distribution and
commercial licensing. Jay M. Tenenbaum, chief executive
officer of EIT, believes secure NCSA Mosaic will help
unleash the commercial potential of the Internet by
enabling buyers and sellers to meet spontaneously and
transact business. "While NCSA Mosaic makes it possible to
browse multimedia catalogs, view product videos, and fill
out order forms, there is currently no commercially safe
way to consummate a sale," said Tenenbaum. "With public key
cryptography, however, one can authenticate the identity of
trading partners so that access to sensitive information
can be properly accounted for."
 
This secure version of NCSA Mosaic allows users to affix
digital signatures which cannot be repudiated and time
stamps to contracts so that they become legally binding and
auditable. In addition, sensitive information such as
credit card numbers and bid amounts can be securely
exchanged under encryption.
 
Together, these capabilities provide the foundation for a
broad range of financial services, including the network
equivalents of credit and debit cards, letters of credit
and checks. In short, such secure WWW software enables all
users to safely transact day-to-day business involving even
their most valuable information on the Internet.
 
According to Joseph Hardin, director of the NCSA group that
developed NCSA Mosaic, over 50,000 copies of the interface
software are being downloaded monthly from NCSA's public
server - with over 300,000 copies to date. Moreover, five
companies have signed license agreements with NCSA and
announced plans to release commercial products based on
NCSA Mosaic. "This large and rapidly growing installed base
represents a vast, untapped marketplace," said Hardin. "The
availability of a secure version of NCSA Mosaic establishes
a valid framework for companies to immediately begin
large-scale commerce on the Internet."
 
Jim Bidzos, president of RSA, sees the agreement as the
beginning of a new era in electronic commerce, where
companies routinely transact business over public networks.
 
"RSA is proud to provide the enabling public key software
technology and will make it available on a royalty-free
basis for inclusion in NCSA's public distribution of NCSA
Mosaic," said Bidzos. "RSA and EIT will work together to
develop attractive licensing programs for commercial use of
public key technology in WWW servers."
 
At the CommerceNet launch, Allan M. Schiffman, chief
technical officer of EIT, demonstrated a working prototype
of secure NCSA Mosaic, along with a companion product that
provides for a secure WWW server. The prototype was
implemented using RSA's TIPEM toolkit.
 
"In integrating public key cryptography into NCSA Mosaic,
we took great pains to hide the intricacies and preserve
the simplicity and intuitive nature of NCSA Mosaic,"
explained Schiffman.
 
Any user that is familiar with NCSA Mosaic should be able
to understand and use the software's new security features.
Immediately to the left of NCSA's familiar spinning globe
icon, a second icon has been inserted that is designed to
resemble a piece of yellow paper. When a document is
signed, a red seal appears at the bottom of the paper,
which the user can click on to see the public key
certificates of the signer and issuing agencies. When an
arriving document is encrypted, the paper folds into a
closed envelope, signifying that its formation is hidden
from prying eyes. When the user fills out a form containing
sensitive information, there is a "secure send" button that
will encrypt it prior to transmission.
 
To effectively employ public-key cryptography, an
infrastructure must be created to certify and standardize
the usage of public key certificates. CommerceNet will
certify public keys on behalf of member companies, and will
also authorize third parties such as banks, public agencies
and industry consortia to issue keys. Such keys will often
serve as credentials, for example, identifying someone as a
customer of a bank, with a guaranteed credit line.
 
Significantly, all of the transactions involved in doing
routine purchases from a catalog can be accomplished
without requiring buyers to obtain public keys. Using only
the server's public key, the buyer can authenticate the
identity of the seller, and transmit credit card
information securely by encrypting it under the seller's
public key. Because there are fewer servers than clients,
public key administration issues are greatly simplified.
To successfully combine simplicity of operation and key
administration functions with a high level of security that
can be accessible to even non-sophisticated users,
significant changes were necessary for existing WWW
security protocols. EIT developed a new protocol called
Secure-HTTP for dealing with a full range of modern
cryptographic algorithms and systems in the Web. 
Secure-HTTP enables incorporation of a variety of
cryptographic standards, including, but not limited to,
RSA's PKCS-7, and Internet Privacy Enhanced Mail (PEM), and
supports maximal interoperation between clients and servers
using different cryptographic algorithms. Cryptosystem and
signature system interoperation is particularly useful
between U.S. residents and non-U.S. residents, where the
non-U.S. residents may have to use weaker 40-bit keys in
conjunction with RSA's RC2 and RC4 variable keysize
ciphers. EIT intends to publish Secure-HTTP as an Internet
standard, and work with others in the WWW community to
create a standard that will encourage using the Web for a
wide variety of commercial transactions.
 
EIT will make Secure NCSA Mosaic software available at no
charge to CommerceNet members in September and NCSA will
incorporate these securefeatures in future NCSA Mosaic
releases.
 
Enterprise Integration Technologies Corp., of Palo Alto,
(EIT), is an R&D and consulting organization, developing
software and services that help companies do business on
the Internet. EIT is also project manager of CommerceNet.
 
The National Center for Supercomputing Applications (NCSA),
developer of the Mosaic hypermedia browser based at the
University of Illinois in Champaign, Ill., is pursuing a
wide variety of software projects aimed at making the
Internet more useful and easier to use.
 
RSA Data Security Inc., Redwood City, Calif., invented
Public Key Cryptography and performs basic research and
development in the cryptographic sciences. RSA markets
software that facilitates the integration of their
technology into applications.
 _____________________________________________________________________
 
Quote ends.
 
This press release was transferred from Compuserve to internet by
Owen Morgan	([email protected])
 
 ---------------------------------------------------------------------
                   |  We have the right to defend ourselves and our
James A. Donald    |  property, because of the kind of animals that we
                   |  are.  True law derives from this right, not from
[email protected]  |  the arbitrary power of the omnipotent state.