Horse racing
- What kind of communication links do you require?
- What if you don't have enough bandwidth between vendor and center
  to log all bets before the race happens?  (send a bit commitment)
- Who has precedence in unclear cases?
  - "All winning receipts are payable" vs. "No jackpot gets paid twice".
- Who bears the burden of risks?
  Who has the opportunity to reduce those risks?
- What do you do in exceptional cases?
  - e.g., What if you lose communications between vendor and center?
- What do you do about refunds?
- What if there is a dispute?
  - e.g., What if the communication line between vendor & center goes
    down in the middle of a transaction?  Need idempotent transactions
    that can be replayed offline.
- Collusion between two parties to attack the third?
  - e.g., After race happens, customer claims he received a receipt for
    a winning bet, and vendor says it was properly issued.
- Can vendors offer their own betting, running a "gambling operation
  on the side" (possibly with better odds, or with the profits all going
  to the vendor rather than being shared with the center)?
  - No way to prevent it if vendor and customer collude.
  - However, technical solutions exist if (1) side bets are illegal
    for the vendor, and (2) a curious customer can detect whether his
    receipt came from an authorized source.  For instance, the cops can
    then run sting operations.
- Did you remember to ensure that all losing bets are collected on?
- Did you remember to defend against insider attacks?
  - What do you think of the following quotation:
    "All outsider attacks can also be perpetrated by insider attacks,
     so you might as well consider only insider attacks."
- Did you use tamper-resistance?  What if it fails?
- Privacy protection for bets?  Should insiders be able to learn patterns
  that people use when they bet, giving them an advantage that outsiders
  don't have?
- The CEO of the center must be trusted.  IF all employees at the center
  are malicious, there's nothing you can do: they can cheat everyone blind.
- Collusion with horse jockeys -- they can throw a race.
- Secure channels vs. signatures -- former doesn't provide non-repudiation.
- Payout @ server vs. @ vendor -- the issue is trust in the vendor.
- Why not use physically secure paper tickets as the only security mechanism?
- I liked the idea of write-once media: it can be deposited in a bank
  vault or in escrow at a lawyer's office before the race starts, and picked
  up by a trusted employee (different from the programmers) -- this can be
  used to provide separation of duties for security against insiders at
  the center.

Possible policy:
- Not possible to place bets after the race has been run.
- Required to pay off on all bets, including losing ones.
- Prevent attacks through bogus vendors.

Possible designs:
- Treat the center as a wholesaler, who will sell bets to all comers
  using ecash.  Vendors then act as a middleman, but from the point of
  view of the center, the center doesn't care what the vendor does with
  this bet.  Consumers buy from vendors, who buy from the center, and
  winning consumers collect from their vendor, who collects from the
  center.
  - Problem: A vendor whose customer wins the jackpot can take the
    money and run.

Primitives:
- Public-key signatures.
- Bit commitment, hash chains.
- Timestamping.
- Physical audit logs.
- Physically secure paper stock (holograms, etc.) -- but beware theft.
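One way to realize the bit commitment suggested above for the low-bandwidth vendor-to-center link, built from the hash-chain primitive in this list. This is an added example, not code from the notes; the bet records, field names and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

def canonical(bet: dict) -> bytes:
    # Canonical encoding so the same bet always hashes the same way,
    # regardless of key order in the vendor's record.
    return json.dumps(bet, sort_keys=True, separators=(",", ":")).encode()

def chain_head(bets: list, nonce: bytes) -> bytes:
    # Hash chain: h_0 = nonce, h_i = SHA-256(h_{i-1} || canonical(bet_i)).
    # The random nonce hides the bets from anyone who sees only the head;
    # the chain fixes both the set of bets and their order.
    h = nonce
    for bet in bets:
        h = hashlib.sha256(h + canonical(bet)).digest()
    return h

def verify_reveal(commitment: bytes, bets: list, nonce: bytes) -> bool:
    # Center-side check after the race: recompute the chain over the
    # revealed bets and nonce and compare it with the pre-race commitment.
    return hmac.compare_digest(chain_head(bets, nonce), commitment)

def demo() -> dict:
    # Constructed sample bets for one vendor; hypothetical field names.
    bets = [
        {"vendor": "V17", "ticket": 1, "horse": 3, "amount": 20},
        {"vendor": "V17", "ticket": 2, "horse": 5, "amount": 10},
    ]
    nonce = secrets.token_bytes(16)
    # Before post time the vendor sends only the 32-byte head (cheap on a
    # slow link); the full bet list and nonce follow after the race.
    commitment = chain_head(bets, nonce)
    honest = verify_reveal(commitment, bets, nonce)
    # A vendor who learns the result and tries to append a "winning" ticket
    # (or reorder/drop tickets) cannot produce the committed head.
    late_bet = {"vendor": "V17", "ticket": 3, "horse": 7, "amount": 500}
    forged = verify_reveal(commitment, bets + [late_bet], nonce)
    return {"honest_accepted": honest, "late_bet_accepted": forged}

if __name__ == "__main__":
    print(demo())  # {'honest_accepted': True, 'late_bet_accepted': False}
```

The commitment only binds what the vendor sent before the race; a vendor who never opens it afterwards is a dispute case for policy (refuse payout on unopened batches), not something the hash resolves.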