[cryptography] Must have seemed like a good idea at the time
iang at iang.org
Tue Jul 23 04:54:26 EDT 2013
On 22/07/13 23:33 PM, Florian Weimer wrote:
> * James A. Donald:
>> This not all that fatal, as the money is traceable, but it means that
>> the financial institution needs an apparatus to reverse cell phone
>> transactions, and that cell phone money is therefore soft on the may
> This has been the case for giro payments for a while, and some
> national banking systems stipulate that *all* direct debit
> transactions can be rolled back for some time after the transaction.
> (Lines of credit automatically enforced by banking systems already
> take this into account, for obvious reasons.)
> So all this isn't as bad as it may sound.
Right. Pretty much all payment systems are reversible at some level.
The art is in making them reversible and non-reversible at the same
time, and choosing the line of dichotamy.
For good example, the e-gold system was non-reversible /by contract/ but
in the backend it was a simple accounting system, so anything could be
fixed up if it went really wrong.
Banks will say that international wires are irreversible, but it isn't
true. If the banks cooperate they can do a return of funds. It all
In the natural order of a designed system, the crux of the choice of
where and how you do the reversibility is driven ultimately by the cost
equation. In the normal unnatural order of things, the regulators pitch
in and insist on something or other to benefit one group or other. So
it is not easy to see patterns.
> (The phone as a second
> factor is an endangered species, but for other reasons.)
I don't think it's a binary yes/no. I would say the phone is endangered
by its own success as being the best thing in comparison to the nearest
alternative, which is online/browser security. Which as we know is
rather a lost cause.
As more and more stress is put on the phone (beginning with MITB
responses in Europe), then more and more attention will direct to it,
and we'll find out just how well it stands up, and to what level of
security we can get.
Do you think different?
More information about the cryptography