Some Remarks on the Certificates Registration of the Electronic Commerce Protocol SET

The SET (Secure Electronic Transaction) protocol uses digital signature, encryption primitives and digital certificates to authenticate, hide messages and to authorize transactions. SET claims that by using these cryptographic techniques it ensures the secrecy of the client’s credit card number, the integrity of transmitted data and the authentication of the involved entities. Our analysis shows that, under some considerations, none of these security properties would in fact be guaranteed. This paper describes the SET protocol and presents some interesting remarks about its security: some precautions must be taken when implementing SET, otherwise, it would result in an insecure protocol that would allow a dishonest person to harm both the client and the merchant.