[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

To: mark@xxxxxxxxxxxxxxxxxxxx (Mark Brown)
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
From: Martin Rex <martin.rex@xxxxxxx>
Date: Thu, 4 Jan 2007 21:49:57 +0100 (MET)
Cc: tls@xxxxxxxx
In-reply-to: <005b01c7303e$d1030490$6801a8c0@xxxxxxxxx> from "Mark Brown" at Jan 4, 7 02:27:55 pm
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Reply-to: martin.rex@xxxxxxx

Mark Brown wrote:
> 
> Isn't this attack possible with today's web sales?  I mean, once you give
> your credit card to anyone, can't they ring you out at any price they want?
> You don't need a website or TLS to do this attack.  You can do this on the
> phone or via mail order.
> 
> So in the case of TLS Evidence, you both have a record of (1,499,999.-)
> instead of what the buyer thought, (99,999.-).  So what?  In both cases the
> buyer cancels the order.  You don't need TLS Evidence to cancel...with
> either the merchant or by contacting your credit card issuer.

No I am confused.

Since you just completely disclaimed the usefulness of TLS evidence
for just about every business application, what's left?

I don't see anything besides law enforcement, and I have serious
problems in making cleartext escrow plus digital signing of
the communication an IETF working group item.

-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Omirjan Batyrbaev

References:
- RE: [TLS] Please discuss: draft-housley-evidence-extns-00
  - From: Mark Brown

Prev by Date: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Next by Date: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Previous by thread: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Next by thread: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Index(es):
- Date
- Thread