[13867] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jul 16 11:28:00 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: Michael_Heyman@NAI.com, cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: 16 Jul 2003 11:26:12 -0400
In-Reply-To: <3F156290.D95D3BF2@systemics.com>
Ian Grigg <iang@systemics.com> writes:
> Michael_Heyman@NAI.com wrote:
>
> > A YURL aware search engine may find multiple independent references to a
> > YURL, thus giving you parallel reporting channels, and increasing trust.
> > Of course, this method differs from the YURL method for trust. The
> > parallel channel method assigns a trust value to a site by querying the
> > YURL aware search engine.
>
> That's an extraordinarily good idea! It reminds
It seems to me to be more "a bad idea, fully realized".
I'll repeat:
1) The "YURL" makes key management and replacement effectively
impossible.
2) It leads to situations in which you have no way to know what sort
of trust relationship you have for the documents you're looking at.
3) It is impossible for people to determine that a "YURL" actually is
what it claims it is, given that most people can't actually
remember one hash, let alone large numbers of them, etc.
Those are just some of the more obvious issues.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
