← Back to context

Comment by jiggawatts

12 hours ago

> It runs and accepts people's payments, which means you're not on the front page of the newspaper (not in a good way).

"It works if nobody attacks it." isn't security.

> They also have to go through payment networks which are very often the limits on those things.

For the same reasons.

> need Visa and Mastercard to upgrade as well.

They won't, and it's not worth asking them to. They're dinosaurs and will simply be replaced by a newer, more agile competitor.

It's already happening! Billions of people in Asia pay with their phones using home-grown payment systems, most of which are generally much more modern and better engineered.

> It is signed with the other party's private key. What does that buy you?

Same as what HTTPS does: attestation of identity by some trusted third-party, to some non-zero level. This could be literally just the existing CA networks and DNS domains as identity, but it could be governments, the banks themselves, etc.

I had some fraudulent transactions on my account labelled "Microsoft Subscription". It wasn't Microsoft. How can I tell?

Not even the bank knew the identity of the third party!

That's insane.