Re: the curse of the S(imple) protocols, was: Re: e2e

To: John C Klensin <john-ietf at jck.com>
Subject: Re: the curse of the S(imple) protocols, was: Re: e2e
From: Henning Schulzrinne <hgs at cs.columbia.edu>
Date: Fri, 17 Aug 2007 13:10:41 -0400
Cc: SM <sm at resistor.net>, Iljitsch van Beijnum <iljitsch at muada.com>, Keith Moore <moore at cs.utk.edu>, ietf at ietf.org
In-reply-to: <B44EB93EBC61D65A5E417D21@p3.JCK.COM>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <198A730C2044DE4A96749D13E167AD3701341995@MOU1WNEXMB04.vcorp.ad.vrsn.com> <8244E3BE-1A26-4B0A-99DC-0DF7AF7F8810@cisco.com> <46C29647.5070202@qualcomm.com> <FABD8E3A-D5CF-4EED-927B-A039BCAEE90C@cisco.com> <46C36461.2060907@cs.utk.edu> <46C36599.9040907@cisco.com> <D03E4899F2FB3D4C8464E8C76B3B68B0DBB6F4@E03MVC4-UKBR.domain1.systemhost.net> <6.2.5.6.2.20070816104133.02bbb2f0@resistor.net> <F8AE6F9E-4CE0-43B2-B209-28707DE0C0AE@muada.com> <46C59B00.8040601@cs.utk.edu> <BDB4FDEA-273D-4D91-9CD3-089865284891@muada.com> <B44EB93EBC61D65A5E417D21@p3.JCK.COM>

The problem is incentive alignment. For example, for CNP (card not present) fraud, the merchant eats the loss, so the credit card company has limited incentive to make the system more secure. After all, they still get their cut even on charge-backs.

Same problem here: everybody might be better off with a more secure system, but the benefits don't occur until almost everyone uses the system, so nobody has an incentive to go first.

That should, I think, make some predictions about the deployment
and effectiveness of anything really new and effective.  As with
certain types of credit card fraud, it appears to be cheaper for
the financial institutions to build the costs into their fee
structure and then just eat the losses, rather than making
significant investments in better systems or more inconveniences
that might drive customers away.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- RE: e2e
  - From: Hallam-Baker, Phillip
- Re: e2e
  - From: Fred Baker
- Re: e2e
  - From: Lakshminath Dondeti
- Re: e2e
  - From: Fred Baker
- Re: e2e
  - From: Keith Moore
- Re: e2e
  - From: Michael Thomas
- RE: e2e
  - From: michael.dillon
- RE: e2e
  - From: SM
- Re: e2e
  - From: Iljitsch van Beijnum
- Re: e2e
  - From: Keith Moore
- the curse of the S(imple) protocols, was: Re: e2e
  - From: Iljitsch van Beijnum
- Re: the curse of the S(imple) protocols, was: Re: e2e
  - From: John C Klensin

Prev by Date: Gen-art review of draft-ietf-ccamp-inter-domain-pd-path-comp-05.txt
Next by Date: Re: New models for email (Re: e2e)
Previous by thread: Re: the curse of the S(imple) protocols, was: Re: e2e
Next by thread: Re: the curse of the S(imple) protocols, was: Re: e2e
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: the curse of the S(imple) protocols, was: Re: e2e

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.