[cryptography] Must have seemed like a good idea at the time

ianG iang at iang.org
Tue Jul 23 04:54:26 EDT 2013


On 22/07/13 23:33 PM, Florian Weimer wrote:
> * James A. Donald:
>
>> This not all that fatal, as the money is traceable, but it means that
>> the financial institution needs an apparatus to reverse cell phone
>> transactions, and that cell phone money is therefore soft on the may
>> scale.
>
> This has been the case for giro payments for a while, and some
> national banking systems stipulate that *all* direct debit
> transactions can be rolled back for some time after the transaction.
> (Lines of credit automatically enforced by banking systems already
> take this into account, for obvious reasons.)
>
> So all this isn't as bad as it may sound.


Right.  Pretty much all payment systems are reversible at some level. 
The art is in making them reversible and non-reversible at the same 
time, and choosing the line of dichotamy.

For good example, the e-gold system was non-reversible /by contract/ but 
in the backend it was a simple accounting system, so anything could be 
fixed up if it went really wrong.

Banks will say that international wires are irreversible, but it isn't 
true.  If the banks cooperate they can do a return of funds.  It all 
depends...

In the natural order of a designed system, the crux of the choice of 
where and how you do the reversibility is driven ultimately by the cost 
equation.  In the normal unnatural order of things, the regulators pitch 
in and insist on something or other to benefit one group or other.  So 
it is not easy to see patterns.


> (The phone as a second
> factor is an endangered species, but for other reasons.)


I don't think it's a binary yes/no.  I would say the phone is endangered 
by its own success as being the best thing in comparison to the nearest 
alternative, which is online/browser security.  Which as we know is 
rather a lost cause.

As more and more stress is put on the phone (beginning with MITB 
responses in Europe), then more and more attention will direct to it, 
and we'll find out just how well it stands up, and to what level of 
security we can get.

Do you think different?

iang


More information about the cryptography mailing list