Re: PACKAGE in the MAIL: Is it SAFE?

From: hal@finney.org
Date: Tue Jan 23 2001 - 12:21:58 MST

Next message: markpjunk@wethink.com.au: "Re: SOC/BIO: George Will joins the bioluddites"
Previous message: Chris Rasch: "Re: CODE: Programming project required"
Maybe in reply to: my inner geek: "PACKAGE in the MAIL: Is it SAFE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

KPJ writes:
> Note: "set up proper secure communications with them" means "meet them
> in person and exchange keys, and then use these keys to set up
> an encrypted communication link with them".
>
> Unfortunately, one can not do that without getting their key _in_person_.

I think you're over-emphasizing the need to meet in person.

In the first place, even if you do meet in person, that may not mean much.
How do you know the person you are meeting is the person you think you
are meeting? Even if they are the right person, what good does that do
you if the person turns out to be dishonest and cheats you?

In the second place, if you do trust a connection, perhaps because
it originated in person, then other people they recommend to you
electronically can be trusted as well. Suppose you're part of an
underground movement and you met some members of the cell in person and
exchanged keys, those members can give you the keys of other members of
the group electronically.

> And if you wish to engage in e-trade with some entity which you don't meet
> in person, then somebody can have broken the communication security and
> you lose. And you would not even notice it.

Let's suppose you engage in e-trade with an entity *identified* by
a key. And you find a number of recommendations from people you trust
saying that they have engaged in trade with that key and he was honest
and trustworthy. Then you can engage in trade with an expectation of
honesty based on the party's reputation.

> Anonymous cash fixes the vendor's problem but not the buyer's problem.
>
> The vendor gets anonymous cash, and thus gets paid.
> But the buyer cannot really know the vendor will deliver anything.

There are some systems that can help with this. An obvious example is
to turn the tables and pay upon delivery. Another traditional technique
is to pay part in advance, part upon delivery.

An unconventional technique used occasionally in real life is to tear a
$100 bill in half, then give half to the other party beforehand, the other
half afterwards. Neither party can profit by cheating in this scenario.
Cryptographic techniques exist to do the same thing with ecash.

Hal

Next message: markpjunk@wethink.com.au: "Re: SOC/BIO: George Will joins the bioluddites"
Previous message: Chris Rasch: "Re: CODE: Programming project required"
Maybe in reply to: my inner geek: "PACKAGE in the MAIL: Is it SAFE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 28 2001 - 09:56:24 MDT