[Webfunds-users] Napster for Money?
David Hillary
davidhillary@optushome.com.au
Sun, 15 Apr 2001 21:03:59 +1000
Linas Vepstas wrote:
>
> Hi,
>
> I'm the lead developer for GnuCash (www.gnucash.org) and I've been
> eyeing webfunds (and other electronic money systems) for inclusion
> into GnuCash (an open source (GPL'ed) accounting/finance
> application). Any actual work is not likely (our list of desired
> enhancements is longer than my arm), but its fun to daydream every
> now and then. My curent scary daydream 'napster for money'.
>
> So, with that in mind, some newbie questions:
> I read almost every page on the website, and I swear, I still don't
> understand how it works. In fact, I'm so confused, I don't know
> where to begin.
>
> Some 5-6 years ago, I read some whitepapers about using crypto for
> e-cash. I remember only the vaguest generalities, still, nothing in
> the ricardian contracts seems to match. I would really, really,
> really appreciate an Alice-Bob explanation of how it works.
I am not sure I 'get' webfunds and ricardian contracts at this stage buy
a couple of weeks ago, as I was in bed I finally 'clicked' about how
digital bearer certificate financial crypography *could* work.
you need an Issuer -- an entity of high reputation for capacity to pay
such as a bank.
and you need Bearers -- entities who deposit funds with the Issuer in
exchange for Bearer Certificates, or who provide value to others in
exchange for Bearer Certificates.
A Digital Bearer Certificate is a digitally signed *promise* from the
issuer to the Bearer to pay a certian sum of money on demand. This
promise is backed by 1). the reputation of the Issuer for being able to
redeem such demands and 2). the user's faith in the cryptography
assuring them that a) no one could have read/copied the Digital Bearer
Certificate in transit and b) that the signature is authentic, showing
that the promise is genuine and enforcable.
Digital Bearer Certifaces can be copied, backed up and otherwise stored
to protect against loss. They can also be printed out or saved to disk
or saved onto a magnetic strip card or smart card or whatever, its just
a sequence of characters.
To make a payment to another bearer, simply send it to that party,
whether by physical delivery of it printed out or saved on disk, emailed
or whatever.
The recipient then checks the validity of the Digital Bearer Certificate
by communicating with the Issuer. Once the Digital Bearer Certificate is
deemed valid, the recipient then asks for a fresh Digital Bearer
Certificate in exchange for the old one. This makes any back up copies
of the original Digital Bearer Certificate invalid.
The Issuer does not need to know who holds the certificates when it
re-issues certificates.
Thus encrypted, digitally signed communications technology can reduce
minting and authentication costs to basically zero, thus with each
transaction currency can be authenticated and re-issued. It also means
that the currency can be printed off or loaded into other devices --
instead of going down to the ATM to get cash out of your account you can
just download it from your account to digital currency, and print it out
yourself. Receipt of payment requires authentication thus a
communications path connecting to the Issuers server. Mobile
telecommunications and 3G wireless technologies enable the development
of all manner of payments systems. This could involve physical reading
of magnetic strips on cards into wireless devices which authenticate
currency or the currency itself could be transmitted from storage in
wireless devices to the payee.
I don't know if this is how webfunds and systemics works, but this is
how currency/value can be turned into a series of characters, and
transmitted from payer to payee in privacy.
David Hillary
that they can in fact
>
> (BTW, the url for Edinburgh Financial Cryptography Engineering
> efce.org, seems to point at european federation of chemical
> engineers, and so the slides aren't viewable).
>
> My confusion has to do with what roles the mint, the banks and the
> individuals play with respect to each other. Is the reicardian
> contract between the individual and the mint? Between a pair of
> individuals? If A received value from B, how can A send value to C?
> Must it involve a 'market maker/trader', or can A & C exchange value
> privately? If thier interactions are 'public' (i.e. must be mediated
> by a 'bank/mint' running a 'server' somehwere), then can they still
> be anonymous? What prevents A from spending the same 'value' twice?
>
> I suspect the answer to that last question is probably easy, once I
> 'get' the paradigm. But I sure don't get it yet ...
>
> (There's a host of related questions that I'll ask as soon as you
> answer the above; many of which might have trivial answers, but
> still...: for example, what happens if someone breaks into my
> computer and 'steals' my wallet (i.e. makes a copy of it)? What
> if I was to aid and abet such an action? What about the
> 'man-in-the-middle' attacks? Can someone pose as a bank,
> and if so, does it matter? What if a cracker got into the e-bank
> server? What sort of damage could be done? What happens if
> the e-bank or issueing authority is disreputable, dishonest, etc.
> Can they damage the entire 'float' or is the damage limited? )
>
> I hope you can answer these questions ... (and BTW, I think it would
> be good if you did so on your website; a clear description would
> engender a better understanding, and thus, hopefully, encourage
> a broader acceptance of what your doing.)
>
> Thanks,
>
> --linas
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature