[3147] in cryptography@c2.net mail archive


Re: DES Applicability Statement for Historic Status

daemon@ATHENA.MIT.EDU (William Allen Simpson)
Wed Aug 5 14:39:03 1998

Date: Wed, 5 Aug 98 15:28:25 GMT
From: "William Allen Simpson" <wsimpson@greendragon.com>
To: "Lewis, Tony" <tlewis@visa.com>
Cc: cryptography@c2.net

Thank you for this interesting information.  Apparently, my prose is not
sufficiently clear, as you missed the point of the paragraph.  I will try
to be more clear in the next draft.

It does not say "average" or "median" -- just "common".  An attacker
that can decode the key of a Visa (or SET master key) can then make
transactions that pass the believability filters of the banks, at a cost
that is less than the amount of their benefit.

For example, a few weeks ago, I bought a laptop from a direct merchant.
The merchant mistakenly sent two requests of $3,000 for my Visa.  The
first was flagged as acceptable, then the second was denied.  This
anti-fraud feature protects against pilfering of receipts and telephone
transaction information (or so it was explained to me).

Another reason to question the $320 is that it was based on an erroneous
EFF PR release.  The current draft has been corrected after John Gilmore's
message to this list.

> From: "Lewis, Tony" <tlewis@visa.com>
> I am not on this distribution list, however, someone forwarded your
> draft to me and questioned the $320 figure you used. Average amounts for
> consumer transactions depend on the type of transactions ...

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
