[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Still more on the Digicash protocol
At 07:17 PM 12/7/95 -0500, you wrote:
>Assume the attacker is not doing any traffic analysis. The problem is
>that even then, the shop's identity (and product info, and payment amount,
>and bank ID, etc.) are still sent *in the clear* in the Digicash payment
>protocol. Thus all those items can be correlated to the payee's identity:
>a complete loss of privacy for the shop.
>
>There's no need to send that payment info in the clear -- why not encrypt?
DigiCash agrees that it is desirable to encrypt the payment request. The
problem is how? You can't use the payor's public key, since the payor is
anonymous to the payee. There are other, high overhead, protocols that might
be used, but after taking MIM into account, securing the payment request
from within Ecash while retaining acceptable latency is much harder to
acomplish than one might think.
The best solution at this time seems to be to use the already existing https
connection to transmit the payment request. The next version of Ecash will
offer this feature as an option to the user.
--Mark Twain Bank Ecash Support
Ecash. The secure Internet payment system that protects your privacy.
<http://www.marktwain.com/ecash.html>