[4193] in cryptography@c2.net mail archive
Set challenged + RSA strong crypto "exportable"...
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Thu Feb 11 22:20:38 1999
Date: Thu, 11 Feb 1999 18:12:32 -0500
To: dcsb@ai.mit.edu, cryptography@c2.net
From: Robert Hettinga <rah@shipwright.com>
--- begin forwarded text
From: "Blair Anderson" <blair@technologist.com>
To: "Robert Hettinga" <rah@shipwright.com>
Date: Fri, 12 Feb 99 10:14:10 +1300
Reply-To: "Blair Anderson" <blair@technologist.com>
Priority: Normal
Subject: Set challenged + RSA strong crypto "exportable"...
Brisbane centre to ace credit card giants
By John Davidson
Queensland Premier Mr Peter Beattie will help drive
another nail into the coffin of MasterCard's and Visa's
internet payments system today, when he opens a
multimillion-dollar cryptography centre specialising in
ultra-secure e-commerce software that competes with
the credit card companies' flagging system. Mr
Beattie will open the Brisbane "centre of excellence"
for RSA Data Security, the subsidiary of the US firm
Security Dynamics, whose software is used to secure
credit card transactions on the internet.
The centre is to be based around two Brisbane men --
Mr Eric Young and Mr Tim Hudson -- who are well
known in cryptography circles for their robust,
freeware implementation of Secure Sockets Layer
(SSL) technology, known as SSLeay, thought to be
the most popular free security system in the world. In
January, Security Dynamics announced it had bought
SSLeay, and signed Mr Young and Mr Hudson to
further commercialise it. Their work would be
bolstered by a team of 18 to 20 programmers and
support staff in the next 12 months, said Security
Dynamics chief executive Mr Charles Stuckey.
SSL is a popular method for securing credit card
numbers while they are transmitted across the
internet, yet Visa and MasterCard punish merchants
that use it by making them assume almost all the risk
for such transactions.
Both credit card companies have proposed a more
secure standard, known as Secure Electronic
Transactions (SET), under which the banks,
merchants and customers share the risk, but it has
suffered years of delay and it's now uncertain
whether it will ever be implemented on a widespread
basis.
Mr Stuckey said Security Dynamics had stopped
developing SET products, due to lack of interest from
merchants, and was focusing on technologies such as
SSL that provided much of SET's functionality
without its "burdensome" complexity. Indeed, most of
Security Dynamics' competitors had also ceased
developing SET products, he said.
"History tells us it's not taking off in a hurry. I
wouldn't say we've lost a lot of money by developing
SET software, but we certainly expected to be
already seeing returns on our investment . . . We're
not. I'd be surprised if many companies were
investing in SET right now," he said.
Export of strong cryptography software is tightly
controlled in various parts of the world, including
Australia and the US, where it is treated as a military
weapon, and as a result most versions of SSL in use
in browsers are "crippled" outside the US, and
relatively easy to crack.
But Australia's Defence Department had awarded
Security Dynamics a licence -- thought to be the first
of its type in Australia -- to export uncrackable,
commercial versions of SSLeay from the Brisbane
centre, and Security Dynamics would use the office
as its global export centre for SSL technology,
bypassing US military bans, Mr Stuckey said.
Blair Anderson (Blair@technologist.com)
International Consultant in Electronic Commerce, Encryption and Electronic
Rights Management
"Techno Junk and Grey Matter"
50 Wainoni Road, Christchurch, New Zealand
phone 64 3 3894065
fax 64 3 3894065
Member Digital Commerce Society of Boston, Computer Professionals for
Social Responsibility,
---------------------------- Caught in the Net for 25 years
----------------------------
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
