- From: Adam Roach <abr@mozilla.com>
- Date: Fri, 24 Feb 2017 11:30:35 -0600
- To: Anders Rundgren <anders.rundgren.net@gmail.com>, Web Payments Working Group <public-payments-wg@w3.org>
Received on Friday, 24 February 2017 17:39:37 UTC
On 2/24/17 06:14, Anders Rundgren wrote:

> A payment ecosystem consists of independently managed systems where
> particularly Merchants' and Users' systems are not assumed to be
> perfect. A Merchant signature (if it can be securely derived to the
> claimed Merchant identity NB...), at least provides some kind of proof
> that the involved parties are actually dealing with the same data. So
> I would rather characterize this as a basic data integrity solution.

I'd characterize it as blindly and randomly applying security technologies in the naïve hope that doing so will somehow make the system "better" in a way that can't be explained.

Start with a threat model. Then come up with countermeasures. Just throwing signatures into the mix without an understanding of why you're doing so -- specifically, knowing exactly what attack you're preventing -- leads to implementation complexity and the illusion of improved security, with no real benefit.

--
Adam Roach
Principal Engineer, Mozilla