[fc-discuss] Financial Cryptography Update: Wot in Pictures, p2p lending, mailtapping

iang@iang.org iang@iang.org
Sun, 14 Aug 2005 13:55:56 +0100 (BST)


 Financial Cryptography Update: Wot in Pictures, p2p lending, mailtapping 

                            August 14, 2005


------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000532.html



------------------------------------------------------------------------

Rick points at a nice page showing lots of OpenPGP web of trust
metrics.

http://www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder/plot/
http://openfortress.nl/news/security/id-exploit.2005-01-09-00-00.article

The web of trust in OpenPGP is an informal idea based on signing each
other's keys.  As it was never really specified what this means, there
are two schools of thought, being the one where "I'll sign anyone's key
if they give me the fingerprint" and the other, more European-inspired
one that Rick lists as "it normally involves reviewing a proof of their
identity."  Obviously these two are totally in conflict.  Yet, the web
of trust seems not to care too much, perhaps because nobody would
really rely on the web of trust _only_ to do anything serious.

So an open question is due - how many out there believe in the model of
"proving identity then signing" and how many out there subscribe to the
more informal "show me your fingerprint and I'll trust your nym?"

What's this got to do with Financial Cryptography?  PKI, the white
elephant of Internet security, is getting a shot in the arm from
web of trust.  In order to protect web browsing, CACert is issuing
certificates for you, based on your subscription and your entry into a
web of trust.  In one sense they have outsourced (strong) identity
checking to subscribers, in another they've said that this is a much
better way to get certificates to users, which is where security
begins, not ends.

http://CACert.org/

More pennies:  I've got my Thunderbird and Firefox back, so now I can
see the RSS feeds.  I came across this from Risks:

http://catless.ncl.ac.uk/Risks/24.01.html#subj8

How to build software for use in a den of thieves.  We'd call that
Governance and insider threats in the FC world - some nice tips there
though.

PaymentNews reports that PayPal CEO Jeff Jordan presented to Etail
2005:

    Nearly 10 percent of all U.S. e-commerce is funneled through
PayPal, according to Jordan. One out of seven transactions crosses
national boundaries. Consumers in more than 40 countries send PayPal,
and those in more than 20 countries receive this currency.

    "Our goal," he said, "is to be the global standard for online
payments."

http://www.dmnews.com/cgi-bin/artprevbot.cgi?article_id=33657
http://www.paymentsnews.com/2005/08/paypals_goal_th.html


And more from Scott:

    Eliminate the banking middle man -- that's what Zopa's about.
Rebecca Jarvis reports for Business 2.0 on what the UK's Richard Duvall
is up to with Zopa.

    Are you a better lender than a bank is? Richard Duvall, who helped
launch Britain's largest online bank, Egg, thinks you are. His new
venture, Zopa, is an eBay-like website that lets ordinary citizens
borrow money from other regular Joes -- no bank needed.

http://www.business2.com/b2/web/articles/0,17863,1085242,00.html
http://www.zopa.com/ZopaWeb/



In mailtapping news from Lynn, a US court of appeals reversed a ruling,
and said that ISPs could not copy and read emails.  Meanwhile a survey
found that small firms were failing to copy and escrow emails as
instructed.  And we now have the joy of companies competing to datamine
the outgoing packets in order to spy on insiders' net habits.  The
sales line?  "every demo results in a sacked employee..."

E-mail wiretap case can proceed, court says
http://news.com.com/E-mail+wiretap+case+can+proceed,+court+says/2100-1028_3-5829228.html?tag=nefd.top
Study Finds Small Securities Firms Still Fail To Comply With SEC E-mail
Archiving Regulations
http://www.compliancepipeline.com/showArticle.jhtml?articleID=168601153
When E-Mail Isn't Monitored
http://itmanagement.earthweb.com/secu/article.php/3526881

In closing, Everquest II faced off with hackers who had found a bug to
create currency.  We've seen this activity in the DGC world, and it no
doubt has hit the Paypal world from time to time;  it's what makes
payment systems serious.

http://news.zdnet.com/2100-1040_22-5829403.html
