Re N$ SSL vs M$ PCT

• To: www-security@ns2.rutgers.edu
• Subject: Re N$ SSL vs M$ PCT
• From: "John Hemming CEO MarketNet" <JohnHemming@mkn.co.uk>
• Date: Sat, 07 Oct 1995 08:57:18 AM PDT

I think I have not made my point clear.  I see no merit in combining
a protocol for establishing a secure channel (SSL, PCT) and a 
protocol for authentication of transactions.  The sequence of octets
that comprises a digitally signed cheque should stand alone as
proof of authentication.  It may be passed through SSL or as a PGP
encrypted message or even in the clear.

For further confidence people may wish to generate such transactions
offline and simply transfer the instruction into an online system.
(even in a smart card of some sort)

The level of processing of a digital instruction is higher than that of
the channel and there does not seem to be anything to be gained from
merging its protocol with the system.

The point remains, however, that the client's strong RSA key is
used for authentication in SSL anyway, not that I would use it.

• Previous: RE: N$ SSL vs M$ PCT
• Next: Requirements document update.
• Index(es):
  • Index
  • Thread