[13878] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Ed Gerck)
Wed Jul 16 14:17:43 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Jul 2003 10:58:51 -0700
From: Ed Gerck <egerck@nma.com>
To: "Mark S. Miller" <markm@caplet.com>
Cc: Ben Laurie <ben@algroup.co.uk>, Tyler Close <tyler@waterken.com>,
cryptography@metzdowd.com
"Mark S. Miller" wrote:
> At 08:48 AM 7/16/2003 Wednesday, Ed Gerck wrote:
> >IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
> >problem.
>
> In order for the Carol that Alice introduces Bob to to be inauthentic, there
> must be some prior notion of *who* Alice was supposed to introduce Bob to.
No. Alice may simply always introduce Bob to a fraudster, independently of *who*
Bob wants to talk to.
BTW, IMO this thread has suffered the constant, excessive use of sweeping statements
and arguments. The way I see it, until the statement that "Authentication of the target site
MUST ONLY rely on information contained in the YURL" is revisited, there is nothing
much to discuss since there is already a single point of failure that is fatally built into the
system.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
