[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

To: <martin.rex@xxxxxxx>, "Mark Brown" <mark@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
From: "Omirjan Batyrbaev" <batyr@xxxxxxxxxxxx>
Date: Fri, 5 Jan 2007 18:15:23 -0500
Cc: tls@xxxxxxxx
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <200701042049.VAA04275@xxxxxxxxxxxxxxxxxxx>

see inserted:
----- Original Message ----- 
From: "Martin Rex" <martin.rex@xxxxxxx>
To: "Mark Brown" <mark@xxxxxxxxxxxxxxxxxxxx>
Cc: <tls@xxxxxxxx>
Sent: Thursday, January 04, 2007 3:49 PM
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<


> Mark Brown wrote:
> >
> > Isn't this attack possible with today's web sales?  I mean, once you
give
> > your credit card to anyone, can't they ring you out at any price they
want?
> > You don't need a website or TLS to do this attack.  You can do this on
the
> > phone or via mail order.
> >
> > So in the case of TLS Evidence, you both have a record of (1,499,999.-)
> > instead of what the buyer thought, (99,999.-).  So what?  In both cases
the
> > buyer cancels the order.  You don't need TLS Evidence to cancel...with
> > either the merchant or by contacting your credit card issuer.
>
> No I am confused.
>
> Since you just completely disclaimed the usefulness of TLS evidence
> for just about every business application, what's left?

I have more "disclaimers": at least in US and at least one big b2b exchange
said that they have a simple non-repudiation practice:
they make customers (buyers and sellers) to sign the agreement that
stipulates that whatever is the record of a transaction in the exchange
database that holds as the non-repudable record. (the name witheld due to
the NDA). So they have no need for even application level non-repudiation.
Also consumers in US have Reg A that allows them to repudiate transactions
even if a business has evidence.
-Omirjan

>
> I don't see anything besides law enforcement, and I have serious
> problems in making cleartext escrow plus digital signing of
> the communication an IETF working group item.
>
> -Martin
>
> _______________________________________________
> TLS mailing list
> TLS@xxxxxxxxxxxxxx
> https://www1.ietf.org/mailman/listinfo/tls
>


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Omirjan Batyrbaev

References:
- Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Martin Rex

Prev by Date: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Next by Date: Bad credit ok
Previous by thread: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Next by thread: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Index(es):
- Date
- Thread