brief comments/suggestions:
1. The whole discussion on how much eavesdropping is a threat is irrelevant. We all know it is a threat and the level is not important, as SSL/TLS provide a good, inexpensive solution. Drop this topic.
2. Stop beating the dead horse (SET). But yes, we should learn from mistakes... and Steve is right: SET main failure was lack of incentive to buyers and sellers. Such an incentive was our design assumption and I was assured by the CC `suits` they'll do it, but when they did, it was too little and much too late. And also they added so much baggage on this poor protocol that it became really so complex. But I am proud of few things in SET, especially...
> It wasn't even a real PKI ...
No, exactly, it wasn't. Because what you refer to as `real PKI` (see original note...) - identities, revocation etc. - are not needed for this application (and many others). We need to use the tool that fits the job.
3. Which brings us back to SSL and Ian's objection... I think Ian _really_ objects to the fact that the major SSL/TLS deployments (browsers, servers) depend on `browser PKI`. And I agree: I think the `browser PKI` is a sad joke (on us), with the weakly-secure, not-really-trusted list of over-100 CAs. We can do much better - use SSL, but checking certificates better; display the logo of the site and/or of the CA, and allow users to decide on sites they trust (and their logos) manually...
We have been discussing these things on this list for ages, and some even asked `is there a real use for crypto`. Then, with Ahmad, we implement and document a cute little extension to Mozilla that uses SSL and certificates, but probably not what some may call `real PKI`. And guess what? You go back to argue on SSL vs. SET and such.
Guys: give us some feedback! Ok, it's a paper, not a note, but it is really pretty easy reading. And if this is too much, at least look at the screen shot:
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing_files/image006.gif
And then speak up - is it the right approach? Should we change something before releasing (hoping in a week or two) or longer term? Can you do it for IE or other browser?
(for the paper, see my homepage as below...) -- Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & security)
Mirror site: http://www.mfn.org/~herzbea/
begin:vcard fn:Amir Herzberg n:Herzberg;Amir org:Bar Ilan University;Computer Science adr:;;;Ramat Gan ;;52900;Israel email;internet:[EMAIL PROTECTED] title:Associate Professor tel;work:+972-3-531-8863 tel;fax:+972-3-531-8863 x-mozilla-html:FALSE url:http://AmirHerzberg.com , mirror: http://www.mfn.org/~herzbea/ version:2.1 end:vcard