[39698] in Cypherpunks
Re: netscape's response
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Wed Sep 20 23:48:30 1995
From: "Jeff Weinstein" <jsw@netscape.com>
Date: Wed, 20 Sep 1995 18:35:58 -0700
To: cypherpunks@toad.com
NOTE: my first attempt to send this bounced at toad.com
On Sep 20, 5:16pm, David_A Wagner wrote:
> Subject: Re: netscape's response
> In article <9509200139.ZM206@tofuhut> you write:
> > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > One wild idea that I just got was to have servers and clients exchange
> > > random numbers (not seeds of course), in a kind of chaining way. Since
> > > most viewers connect to a number of servers, and all servers are
> > > connected to by many clients, they would mix "randomness sources" with
> > > each other, making it impossible to observe the local environment
> > > only. And the random values would of course be encrypted under the
> > > session key, making it impossible to "watch the wire".
> >
> > Wow, this is a great idea!!
>
> Are you quite sure this is a good idea?
>
> I'd be very scared of it. In particular, it opens up the chance for
> adversaries to feed you specially chosen numbers to pollute your seeds.
What I should have said is that its a very interesting idea. Given
current perceptions of netscape, I should have made clear that I
wouldn't do something like this without getting a lot more discussion
and review of possible dangers and how to avoid them. I certainly
can't fault anyone for wondering if we would just implement this
without thinking it through, given recent events.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
