Re: DigiCash Ecash - 2 security topics
>> > E.g. has there been a DigiCash response to Ian Goldberg's
>> > publication of a denial-of-service attack which operates by
>> > spending a coin with the same serial number as your victim's
>> > coin?
>> After discussing things with Ian we came up with several solutions.
>> One is encrypting more messages (which we will do in a next revision
>> of the protocol), the other is enabling ecash to work over SSL
>> servers. You may not see the answer directly in the list, but you
>> will see it in the next protocol revision.
Actually, my original suggestion was to include 'n' in the value encrypted
in the bank's public key. The less we have to _rely_ on ecash-enabled
apps having to do their own encryption (like SSL), the better.
Of course, extra encryption is OK, too.
I wonder if Dave and I will get DigiCash's reward for this one...
I still haven't seen anything from them (though various individuals keep
promising), or from Netscape either, for that matter... [emoticon elided]
- Ian "starving grad student (sigh)"