From hungary-online-owner Tue Sep 5 00:49:35 1995 Received: from localhost (daemon@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) id AAA07225 for hungary-online-announce-out31415; Tue, 5 Sep 1995 00:49:35 -0700 Received: from localhost (daemon@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) id AAA07216; Tue, 5 Sep 1995 00:49:22 -0700 Received: from steve@isys.hu () via =-=-=-=-=-= for hungary-online-announce@hungary.yak.net (7214) Received: from kingzog.isys.hu (KingZog.isys.hu [194.24.160.4]) (fnord) by nando (8.6.5/8.6.5) with ESMTP id AAA07207 for ; Tue, 5 Sep 1995 00:48:42 -0700 Received: from [194.24.160.22] (bubba.isys.hu [194.24.160.22]) by kingzog.isys.hu (8.7.Beta.11/8.7.Beta.11) with SMTP id JAA27411 for ; Tue, 5 Sep 1995 09:48:08 +0200 (MET DST) Date: Tue, 5 Sep 1995 09:48:08 +0200 (MET DST) X-Sender: steve@mail.isys.hu Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: hungary-online-announce@hungary.yak.net From: steve@isys.hu (Steven Carlson) Subject: (HOL-A) Netscape Leads Digital Finance Race Sender: owner-Hungary-Online-announce@hungary.yak.net Precedence: bulk Reply-To: Hungary-Online@hungary.yak.net Hi friends - This is my most recently column in the Budapest Business Journal. It came out Friday. I realize I've got out of the habit of sending my columns to the list, so in the next few days I'll post of a few I wrote over the summer. The column below is my favorite kind of writing - a thoughtful analytical essay. Unfortunately it takes more concentration than I have these days to write one a week. That's why I now publish every other week. =steve= -- Netscape Leads Digital Finance Race hungary-online by Steven Carlson You might have read the news recently. A French university student, Damien Doligez, announced to the world he had cracked a message encrypted with Netscape Communication Corporation's Secure Sockets Layer (SSL) protocol. Later it was revealed a team working in Australia, Sweden and the UK had achieved the same result just two hours before the Frenchman. This word came only days after Netscape's highly publicized Initial Public Offering. The stock opened at approximately $28, and was trading in the 70s within minutes - unprecedented for a company that has yet to show a profit. Some analysts predicted the news that SSL had been cracked would send the share price down. In fact the effect was negligible. What does all this mean? Stock market hoopla over the Netscape IPO, and efforts to crack SSL, are part of a much larger game. At stake is an emerging industry estimated to be worth tens of billions. The prize: to create a standard for digital financial transactions, and win a cut of payments sent across the Internet. The catch: nobody seems to know the rules of the game. Digital payment systems have become the Holy Grail of the Internet. Yet human beings tend to be very conservative about money - and for good reasons. Our present monetary system has evolved over hundreds of years, and not without periodic crises. Though credit cards are now commonplace, it took decades for plastic money to win universal acceptance in the United States. Many countries, like Hungary, still work on a mainly cash economy. Whatever form this digital payment system of the future takes, the only sure bet is it won't be created overnight. Netscape has decided, perhaps correctly, that plastic money is a first step toward digital money. In order to use plastic over the Internet we have to be sure nobody will intercept and use our credit card information. Netscape hopes to create the infrastructure for secure transactions. The company hopes acheive this aim by leveraging its position as the leading developer of software used to publish and read information on the World Wide Web. As a startup company, Netscape made its mark on the net last year by giving away its popular Netscape browser, a tool for Web surfing. Seventy percent of Web users now use Netscape. The company now sells high-end server software to publish information on the Web. Netscape has also established new standards for HTML, the markup language used to create Web pages. Having set the pace of Web development, Netscape is currently creating software protocols, like SSL, for sending credit card numbers and other sensitive information across the Internet. These security protocols are built into the Netscape software. Moreover Netscape openly publishes these protocols, and invites other companies to use them. Many already have. So why crack the code? Doligez and others wanted to make a point. The version of SSL Doligez cracked was a weaker 40-bit encryption algorithm approved for export by the American government. According to US law, dating back to the cold war, exporting strong encryption is a federal offense. Americans get to use a robust 120-bit keyspace, while the rest of the world gets the watered down version. Even so it took Doligez eight days and 120 computers to crack the weaker code. The American algorith is much stronger, Doligez concurs: "I wouldn't even try breaking it by brute force with all the machines in the world." Moreover, the data Doligez gained represents the equivalent of only one credit card number. According to Chris Holton of Netscape, the Frenchman used $10,000 worth of computing power to do it. Therefore the effort and expense of cracking even an SSL-40 encrypted message is hardly worth the potential gain. "People steal a lot more card numbers by simply rummaging through restaurant garbage cans," says Holton. Nevertheless perceptions of security are often more important than the reality. As cryptographer and Internet finance consultant Eric Hughes points out in a recent issue of Release 1.0, somebody trying to launch a payment system has to sell his wares to three audiences: users, merchants, and financial intermediaries such as banks. Each has very different requirements. Each, of these guys is going to be a hard sell. Recognizing this, Netscape has forged relationships with financial institutions, most notably Mastercard. The financial community has a vested interest in jump-starting the digital economy, and in beating potential rivals. A software company like Netscape needs the establishment respectibility and world wide customer base of a major player if it wants to be the banker inside your PC. Not surprisingly, Netscape and Mastercard are not the only kids on the block with this idea. Software giant Microsoft has teamed up with VISA on a similar scheme based up the just-launched Microsoft Network. But the two alliances are already working together to make sure whatever systems they develop are still compatible. Even the big boys know they to generate an enormous amount of critical mass to succeed in substituting digits for your dollars and cents. Credit card-based systems are by no means the only way to go. Several small, innovative companies with names like DigiCash and Cybercash are touting alternate schemes. One company, First Virtual, is already accepting customers. But such efforts have little chance of any long-term success without the wide-scale support of the financial world. But credit cards in cyberspace are not necessarily the financial step in the evolution of the digital economy. Hughes argues that card-based systems are only a stopgap measure until a true network payment system evolves. He points out that credit card numbers are trivially easy to reproduce. Mere possession of a valid credit card number allows the bearer to use the card; the current technology does not provide a means of identifying the true owner. These flaws already cost the credit card industry billions annually. In a networked world they could be fatal. Even our present hardware and software may not prove reliable enough. After all, who hasn't lost a day's work to a crashed hard drive or a corrupted floppy disk? What happens when your PC crashes just as you're downloading your monthly salary from the company server? Obviously it will take some time to develop this financial infrastructure of the future. A great deal of intertia must be overcome. The public and financial institutions will be slow in accepting change. The investment will be staggering. And yet the momentum is there. It's too early to predict how and when this networked marketplace will emerge, but companies like Netscape are laying the foundations. -- If you're interested in more info on this topic, you can check out the notes of a talk I held at the MAK Internet Club, entitled "Digital Cash, the Future of Money?". I've prepared those notes in the form of a Web page, with hypertext links to the sources I used in my research. Check out Steven Carlson is Net Media Manager for iSYS Hungary. --- Steven Carlson iSYS Hungary info@isys.hu steve@isys.hu http://www.isys.hu ############# # This message to Hungary-Online-announce@hungary.yak.net # was from steve@isys.hu (Steven Carlson) # # To unsubscribe, # send "unsubscribe" to # For a full subscription (rather than this announcement-only subscription) # mail "subscribe" to # Send mail to for more information, # or to if you need human assistance. #############