[1831] in cryptography@c2.net mail archive
SET
daemon@ATHENA.MIT.EDU (Doug_Tygar@cs.cmu.edu)
Wed Nov 12 13:50:48 1997
From: Doug_Tygar@cs.cmu.edu
To: dcsb@ai.mit.edu, dee@cybercash.com, cypherpunks@algebra.com,
cryptography@c2.net, rah@shipwright.com, kawakura@cmu.edu,
tygar@tygar.trust.cs.cmu.edu
Reply-to: Doug_Tygar@cs.cmu.edu
Date: Wed, 12 Nov 1997 11:22:21 -0500
rah@shipwright.com wrote:
>At Doug Tygar's talk at Harvard last week, he claimed to have found a way
>to crack it. I, um, forgot to press him on this. Has anyone heard about
>this, or what it might be?
Actually, I did not claim to break SET. What I said was:
(a) because SET is such a complicated protocol, I am certain that it
does have flaws;
(b) SET does not have a clear design philosophy -- for example, it has
modes in which a consumer's credit card number is hidden from a
merchant and modes when it is given to a merchant. These ambiguous
design points in the protocol make the protocol vulnerable to misuse.
I have not made a serious effort to crack SET, yet.
-- Doug Tygar
