undefined | Better HN

0 pointsHoyaSaxa2y ago0 comments

Not trying to side-step the question, but The FedNow Service Technical Overview and Planning Guide[1] goes into depth on what is not under NDA.

[1] https://explore.fednow.org/resources/technical-overview-guid...

0 comments

CobrastanJorji2y ago

Why would any of it be under an NDA?

ke88y2y ago

At the very least, one would hope that credentials and perhaps also certain design documents such as threat models aren't public.

There may also be implementation details or code which are subject to NDA, either from the Fed itself or from service providers such as IBM in this case. Sometimes you can get that info from a FOIA request, but that doesn't negate the fact that the employees working on the system are bound by an NDA. The FOIA has to happen and run its course.

rkagerer2y ago

certain design documents such as threat models aren't public

That smells like security through obscurity (which admittedly is the status quo in the banking world).

Contrasted to approaches like Bitcoin, for which full code and whitepaper are public, and which has managed to survive every attack vector thrown at it for the last decade and a half. Not arguing for Bitcoin as money here, just highlighting the diverse approaches to security and that it shouldn't be taken as a given that hiding those details makes it more secure.

gavinsyancey2y ago

Fraud detection heuristics, at least, fundamentally have to rely on security through obscurity. If fraudsters know exactly what is detected as fraud, they can avoid detection.

Bitcoin gets around this by having absolutely no fraud prevention, and just saying "lol sucks for you should've been more careful"...

1 more reply

psd12y ago

I can't agree that Bitcoin has survived every attack vector, given the animosity over the BTC fork.

ke88y2y ago

LOL what? Keeping private keys private is not "security through obscurity". Or if it is then basically all security is security through obscurity.

No one is posting their private keys on github, and when they do their crypto goes poof nearly instantly. None of the exchanges publish their threat model documents. I sure as shit don't tell people where I store my private keys.

The bitcoin whitepaper and code are more analogous to the ISO standard, which is public.

2 more replies

CobrastanJorji2y ago

I'm not sure "don't give out the private keys" is the sort of thing that needs a special contractual agreement.

jacobr12y ago

That is exactly that kind of thing that needs to be in a contract. When someone inevitably shares private keys and it results in some kind of financial loss ... who is responsible for the damages? Contracts codify the liability if it isn't otherwise defined by statute.

seany2y ago

> threat models

This is exactly the thing you _shouldn't_ put under NDA. What on earth?

mistrial92y ago

guess -- knowing the currently discussed threat models is a competitive advantage for the dozen fintech security firms that are in on this, and a "moat" against the other four hundred fintech security firms that are frantically trying to find a way to get inside this obviously well-funded Big Gov project.

1 more reply

throwawayForMe22y ago

After 9/11 everyone in the Fed working on the payments systems had to get National Security Clearance. These systems are considered critical national infrastructure. Exposing the source code will get you jail time.

mfer2y ago

Security is one good reason.

Fraud and people trying to mess with the system has been a long term problem and likely always will be. The results of which can hurt people. Keeping details private can make it more difficult for those folks.

If we try to prioritize goals of a system like this... security for people should be one of the highest. I think of the middle income single parent when I envision an example of a person in this system.

px432y ago

> The FedNow Service requires all messages to be cryptographically signed. The service validates the signature and association between the entity sending the message and the key used to sign it.

Hey, that's neat. I'm super curious how much the internals of this thing could be compared with something like a cryptocurrency. Are those signatures representative of the identities making the transaction? Might it be technically feasible some day for me to craft a transaction on my phone to send money to someone, then publish it directly, and have the person instantly confirm that they received a payment without needing to talk to a bank?

I'm really curious if this is what is going to eventually morph into the CBDC that everyone seems so excited about, or if that project is going to start from scratch.

ericpauley2y ago

I'm no expert on this so this is pure speculation, but what immediately jumps out from this document is the amount of security- and availability-critical work that depends on each member bank. With wire transfers this has historically been achieved by gating transfers behind physically visiting a branch (not universally true). The synchronous nature (recipient must confirm transaction in real-time) of transfers may also cause annoying failures when recipient banks do maintenance or something at inconvenient times.

1 more reply

j / k navigate · click thread line to collapse

0 comments

CobrastanJorji2y ago

Why would any of it be under an NDA?

ke88y2y ago

At the very least, one would hope that credentials and perhaps also certain design documents such as threat models aren't public.

rkagerer2y ago

certain design documents such as threat models aren't public

That smells like security through obscurity (which admittedly is the status quo in the banking world).

gavinsyancey2y ago

Fraud detection heuristics, at least, fundamentally have to rely on security through obscurity. If fraudsters know exactly what is detected as fraud, they can avoid detection.

Bitcoin gets around this by having absolutely no fraud prevention, and just saying "lol sucks for you should've been more careful"...

1 more reply

psd12y ago

I can't agree that Bitcoin has survived every attack vector, given the animosity over the BTC fork.

ke88y2y ago

LOL what? Keeping private keys private is not "security through obscurity". Or if it is then basically all security is security through obscurity.

The bitcoin whitepaper and code are more analogous to the ISO standard, which is public.

2 more replies

CobrastanJorji2y ago

I'm not sure "don't give out the private keys" is the sort of thing that needs a special contractual agreement.

jacobr12y ago

seany2y ago

> threat models

This is exactly the thing you _shouldn't_ put under NDA. What on earth?

mistrial92y ago

1 more reply

throwawayForMe22y ago

mfer2y ago

Security is one good reason.

px432y ago

> The FedNow Service requires all messages to be cryptographically signed. The service validates the signature and association between the entity sending the message and the key used to sign it.

I'm really curious if this is what is going to eventually morph into the CBDC that everyone seems so excited about, or if that project is going to start from scratch.

ericpauley2y ago

1 more reply

j / k navigate · click thread line to collapse