[13873] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Mark S. Miller)
Wed Jul 16 13:18:21 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Jul 2003 09:04:17 -0700
To: Ed Gerck <egerck@nma.com>
From: "Mark S. Miller" <markm@caplet.com>
Cc: Ben Laurie <ben@algroup.co.uk>, Tyler Close <tyler@waterken.com>,
cryptography@metzdowd.com
In-Reply-To: <3F1573B0.5CFDA69E@nma.com>
At 08:48 AM 7/16/2003 Wednesday, Ed Gerck wrote:
>IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
>problem.
In order for the Carol that Alice introduces Bob to to be inauthentic, there
must be some prior notion of *who* Alice was supposed to introduce Bob to.
CAs do their introductions (lookup name, get key) in a context where there
is such a prior notion, exactly because the CA introduction comes after some
other initial introduction informing Bob about Carol's identity in the first
place. I am speaking here of the initial introduction. If Bob has no prior
notion of Carol, what can it mean for Alice to introduce him to the wrong one?
Or do you mean something else by a non-authentic party?
Of course, Alice may misinform Bob about Carol's properties (non-"who"
issues), but I already covered that as a distinct case in the paragraph on
Alice's misbehavior.
----------------------------------------
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
