FirstEcom.com's secure credit card payment gateway, designed by myself, uses
(on top of SSL) OpenPGP for DSA signature and symmetric encryption of
certain pieces of data. No WoT or PKI are used: only bilateral public key
exchanges between FirstEcom and each merchant site, with out-of-band
authentication. As the engine, we use GnuPG.

An interesting feature of the payment protocol is that the credit card
details are not disclosed to the merchant, without at the same time
requiring the buyer to install wallets or any custom software (not even in
the form of a Java applet).

Enzo

----- Original Message -----
From: Dan Geer <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, January 02, 2000 11:46
Subject: PGP on an e-commerce site


>
> My daughter was ordering a CD this evening from the site cdnow.com
> and I noted that besides the SSL option they also had a PGP option.
> Take a look at
>
> http://www.cdnow.com/cgi-bin/mserver/SID=0/pagename=/RP/HELP/order.html#8q
>
> This is new to me.
>
> --dan
>
