[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

Subject:  Shoe-horning Mondex onto the Internet -- still won't fit

There many high barriers to the shoe-horning of Mondex onto the Internet:

+ Was not designed for the Internet, rather for physical portable cards
+ Requires expensive hardware: >$100/board for a PC in start-up quantities 
+ Accoring to inside sources, is vulnerable to MITM between payer and payee
+ According to inside sources, is grossly vulnerable to replay attacks 
(offline multi-spending to different parties)
+ The designers have zero experience and reputation in the cryptographic and
computer security communities
+ None of the Mondex designs have been published or peer reviewed.
+ The protocol cannot be published for security reasons, which means
-- Mondex has security holes
-- Customers who defraud Mondex-using banks have legal deniability in a 
court of law: they can simply request banks to produce the security 
protocols as evidence; if they refuse the case is thrown out of 
court (precedent: UK and US phantom-ATM withdrawal cases)