Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
see inserted:
----- Original Message -----
From: "Omirjan Batyrbaev" <batyr@xxxxxxxxxxxx>
To: <martin.rex@xxxxxxx>; "Mark Brown" <mark@xxxxxxxxxxxxxxxxxxxx>
Cc: <tls@xxxxxxxx>
Sent: Friday, January 05, 2007 6:15 PM
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
> see inserted:
> ----- Original Message -----
> From: "Martin Rex" <martin.rex@xxxxxxx>
> To: "Mark Brown" <mark@xxxxxxxxxxxxxxxxxxxx>
> Cc: <tls@xxxxxxxx>
> Sent: Thursday, January 04, 2007 3:49 PM
> Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
>
>
> > Mark Brown wrote:
> > >
> > > Isn't this attack possible with today's web sales? I mean, once you give
> > > your credit card to anyone, can't they ring you out at any price they want?
> > > You don't need a website or TLS to do this attack. You can do this on the
> > > phone or via mail order.
> > >
> > > So in the case of TLS Evidence, you both have a record of (1,499,999.-)
> > > instead of what the buyer thought, (99,999.-). So what? In both cases the
> > > buyer cancels the order. You don't need TLS Evidence to cancel...with
> > > either the merchant or by contacting your credit card issuer.
> >
> > No I am confused.
> >
> > Since you just completely disclaimed the usefulness of TLS evidence
> > for just about every business application, what's left?
>
> I have more "disclaimers": at least in US and at least one big b2b exchange
> said that they have a simple non-repudiation practice:
> they make customers (buyers and sellers) sign the agreement that
> stipulates that whatever is the record of a transaction in the exchange
> database that holds as the non-repudiable record. (the name withheld due to
> the NDA). So they have no need for even application level non-repudiation.
> Also consumers in US have Reg A that allows them to repudiate transactions
> even if a business has evidence.
> -Omirjan
>
> >
> > I don't see anything besides law enforcement,
law enforcement usage has a number of "disclaimers" too. For example, the
criminals can simply refuse to upgrade their clients to the software that
has the evidence software in it.
-Omirjan
> > and I have serious
> > problems in making cleartext escrow plus digital signing of
> > the communication an IETF working group item.
> >
> > -Martin
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@xxxxxxxxxxxxxx
> > https://www1.ietf.org/mailman/listinfo/tls
> >
>
>