
Re: SET




-----BEGIN PGP SIGNED MESSAGE-----

In <[email protected]>, on 11/12/97 
   at 09:51 AM, Eric Murray <[email protected]> said:

>[details: according to the spec the cardholder sends to the merchant
>thumbs (SHA1 hashes) of all the certs in the cardholder's cert cache.
>Since this will contain certs from merchants the cardholder has made
>purchases from in the past, a merchant could simply match up those
>merchant cert thumbs with cert thumbs he obtains from other merchants,
>allowing him to build a list of merchants the cardholder has attempted to
>make purchases from].


Sorry I haven't been keeping track of the SET but why would a merchant
need this info in the first place??? If anything one would think that this
would be client driven not server driven (i.e. the client queries the
merchant for the hash of his cert to see if the client already has a copy
or not). I am not quite sure what they are trying to accomplish by this
unless what you consider a "flaw" is really a "feature by design"?

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNGn49o9Co1n+aLhhAQF7GAP+K2xbLQCLvFaR4nBpOOT3BfGoTtMikOvs
nhm3n4J3ALkIUtReRcwi3rc4q9/+TUK3Rq8gfVzFBCsFyDyAQLVMUCFBn7Ybja+j
qdloRfG4Tw2ueMOyaaO2/ao03s9tgOfP2Cfa0CwyScQI8BWMMoeKBongeSYZgMsm
bqGEG+XXyr4=
=rAEt
-----END PGP SIGNATURE-----
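
A simplified model of the disclosure described in the quoted text, next to the client-driven check suggested in the reply. This is an added example, not part of the original message, and it does not reproduce SET's actual message formats; the certificate bytes, merchant names and function names are constructed for illustration.

```python
import hashlib

def thumb(cert_der: bytes) -> str:
    """SHA-1 thumbprint of a certificate, as in the quoted description."""
    return hashlib.sha1(cert_der).hexdigest()

# Constructed stand-ins for DER-encoded merchant certificates.
MERCHANT_CERTS = {
    "bookshop": b"constructed-cert:bookshop",
    "pharmacy": b"constructed-cert:pharmacy",
    "florist": b"constructed-cert:florist",
}

def server_driven_request(cert_cache):
    """Cardholder sends thumbs of every cached cert (behaviour in the quote)."""
    return {thumb(c) for c in cert_cache}

def merchants_revealed(received_thumbs, known_certs):
    """Purchase history a recipient can infer by matching the received
    thumbs against thumbs of merchant certs it has collected."""
    index = {thumb(der): name for name, der in known_certs.items()}
    return sorted(index[t] for t in received_thumbs if t in index)

def client_driven_check(cert_cache, merchant_thumb):
    """Alternative from the reply: the merchant states its own thumb and the
    client compares locally, disclosing at most whether it holds that cert."""
    return merchant_thumb in {thumb(c) for c in cert_cache}

def demo():
    # Cardholder has previously bought from two merchants, now visits a third.
    cache = [MERCHANT_CERTS["bookshop"], MERCHANT_CERTS["pharmacy"]]
    leaked = merchants_revealed(server_driven_request(cache), MERCHANT_CERTS)
    has_cert = client_driven_check(cache, thumb(MERCHANT_CERTS["florist"]))
    return leaked, has_cert

if __name__ == "__main__":
    leaked, has_cert = demo()
    print("server-driven exposes:", leaked)
    print("client-driven exposes only 'has florist cert':", has_cert)
```
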