[13850] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 15 09:22:53 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: "Zooko" <zooko@zooko.com>
Cc: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: 15 Jul 2003 09:21:11 -0400
In-Reply-To: <E19cPVK-0003jF-00@localhost>
"Zooko" <zooko@zooko.com> writes:
> Although I haven't looked closely at HTTPSY yet, I'm pretty sure that it
> simply applies to the Web the same notion that SFS applies to remote
> filesystems.
>
> It is an excellent idea.
SFS makes it practically impossible to do key updates, and the trust
model is rather flawed -- if you mount files from one site you in
practice end up trusting it totally, which means that it can hand you
links to spoofed other sites and you'll in practice totally believe
them unless you're paying very close attention and have the ability to
perfectly recognize long hashes by eye. It is a neat idea, and
certainly instructive, but I don't know that I particularly love it.
The "YURL" idea seems to suffer from most of the same flaws.
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
