Now that the waters have been muddied (by several of us). My point was that 3D-Secure (and SET and whatever else comes along) covers a different position in the system than SSL does (or can). As such they do have a purpose, even though they may be horribly bloated and nearly non-functional. Visa at least seems to be supporting the 3D-Secure concept (they should, they developed it), and looks like anyone can grab the spec from http://international.visa.com/fb/paytech/secure/main.jsp . SET seems to be a bit more elusive, although still available from http://www.mastercardintl.com/newtechnology/set/ . Mastercard SecureCode appears to be the current direction for MasterCard it's available at http://www.mastercardmerchant.com/securecode/ . All of these differ in target from SSL in the same way, they are designed to address the Buyer-Issuer link (although some not as simply as others, e.g. SET). And yes I am using a much simplified view of the credit card transaction, with only 3 (buyer, seller, issuer) parties instead of the absurd number actually present in a real transaction (buyer seller, issuer, accepter, processor, central card distributor, plus whoever I missed), I did this for clarity. Joe
Trust Laboratories Changing Software Development http://www.trustlaboratories.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]