[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DigiCash Ecash - 2 security topics

To: [email protected]
Subject: Re: DigiCash Ecash - 2 security topics
From: [email protected] (Lucky Green)
Date: Mon, 22 Jan 1996 13:23:49 -0800
Cc: [email protected]
Sender: [email protected]

At 11:26 1/22/96, Bryce wrote:

>What kind of performance hit does this new encryption entail?
>(No additional performance hit if SSL does it, I know.)

Very little.

>Are you considering having different protocols for SSL-protected
>transactions versus unprotected ones?

It isn't just an issue of SSL vs. unprotected. The new Ecash API that
DigiCash is jointly designing with developers, will support two basic
levels of operation. The first is similar to today's Ecash software. The
client handles the transport. The second just generates the messages. Your
application is responsible for getting them to where they should go.
Presumably securely.

>Let me repeat something I said a couple of weeks ago:  I suspect
>that the weakest point in DigiCash security is on the end-user's
>own harddrive.  A malicious cracker could write a Trojan horse
>or even a virus which would steal the user's coins and send them
>to himself.

Given the amounts likely to be found on a drive, I doubt it would be worth
the effort.

-- Lucky Green <mailto:[email protected]>
   PGP encrypted mail preferred.

Prev by Date: Re: More thoughts about digital postage (was Re: Digital postage and remailerabuse)
Next by Date: request mailing list
Prev by thread: Re: DigiCash Ecash - 2 security topics
Next by thread: Netscape + Verifone
Index(es):
- Date
- Thread