
Re: DigiCash Ecash - 2 security topics



>> > E.g. has there been a DigiCash response to Ian Goldberg's
>> > publication of a denial-of-service attack which operates by 
>> > spending a coin with the same serial number as your victim's 
>> > coin?
>> After discussing things with Ian we came up with several solutions. 
>> One is encrypting more messages (which we will do in a next revision 
>> of the protocol), the other is enabling ecash to work over ssl 
>> servers. You may not see the answer directly in the list, but you 
>> will see it in the next protocol revision.

Actually, my original suggestion was to include 'n' in the value encrypted
in the bank's public key.  The less we have to _rely_ on ecash-enabled
apps having to do their own encryption (like SSL), the better.
Of course, extra encryption is OK, too.

I wonder if Dave and I will get DigiCash's reward for this one...
I still haven't seen anything from them (though various individuals keep
promising), or from Netscape either, for that matter... [emoticon elided]

   - Ian "starving grad student (sigh)"