Your face is getting seen all over the place, you’ll be doing adverts next

Protocols with public or private scrutiny do fail for a variety of reasons.

Unfortunatly a lot are designed on the backs of other protocols either for compatability or because the desigers patchwork their protocol together from other protocols.

As has recently been seen with TLS/SSL even longstanding protocols fail when used in a way that the original designers did not envisage.

Which was why I was surprised not to see “fault analysis” up on your list.

One of the reasons Chip-n-Spin got bad press (deservadly so) was the way the protocol fell back to mag stripe.

Arguably it was done for “customer conveniance”, which is the reason a lot of other security protocols fail (think expensive hotels where there is little or no checking when a person claims to be locked out of their room).

I expect to see a large number of privately developed protocols to fail to the desire for “conveniance” in a business not technicaly driven arena.

You are of course correct. What I was more thinking of is that there generally is a public RFC before widespread deployment of the protocol it implements.

I think the idea of “running code” is a very good one, and I’d prefer if the IETF were even more strict about requiring multiple independent interoperable implementations than they currently are.

Not only is this good for improving the robustness of the protocol and clarity of the specification, it also encourages simplification. If the protocol designers need to build what they specify, unnecessary complication and risky corner-cases can be eliminated at an early stage.

Nice work (and also Kudos to Saar), though I’m not less sure whether there are still banks willing to issue new cards with the name “S.J. Murdoch” on