[13855] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Ed Gerck)
Tue Jul 15 23:03:56 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 15 Jul 2003 10:37:47 -0700
From: Ed Gerck <egerck@nma.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Tyler Close <tyler@waterken.com>, cryptography@metzdowd.com
Ben Laurie wrote:
> Ed Gerck wrote:
>
> >From your URLs:
> >
> > "The browser verifies that the fingerprint in the URL matches the public key provided by the visited site. Certificates and Certificate Authorities are unnecessary. "
> >
> > Spoofing? Man-in-the-middle? Revocation?
> >
> > Also, in general, we find that one reference is not enough to induce trust. Self-references
> > cannot induce trust, either (Trust me!). Thus, it is misleading to let the introducer
> > determine the message target, in what you call the "y-property". Spoofing and
> > MITM become quite easy to do if you trust an introducer to tell you where to go.
>
> BTW, tell me how you do spoofing and MITM if you aren't the trusted
> introducer (if you are, clearly there's no need to spoof or MITM,
> because you can just give the target of your choice)?
My point exactly. Trust can also be seen as that which can break your system.
By believing in *one* trusted introducer, a single source of information, a single
trusted source, you have no correction channel available. One of the earliest
references to this principle can be found some five hundred years ago in the Hindu
governments of the Mogul period, who are known to have used at least three
parallel reporting channels to survey their provinces with some degree of reliability, notwithstanding the additional efforts. More in http://nma.com/papers/e2e-security.htm
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
