[13885] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Ed Gerck)
Wed Jul 16 17:58:47 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Jul 2003 13:55:14 -0700
From: Ed Gerck <egerck@nma.com>
To: cryptography@metzdowd.com
Tyler Close wrote:
> On Wednesday 16 July 2003 13:58, Ed Gerck wrote:
> > BTW, IMO this thread has suffered the constant, excessive use of sweeping
> > statements and arguments. The way I see it, until the statement that
> > "Authentication of the target site MUST ONLY rely on information contained
> > in the YURL" is revisited, there is nothing much to discuss since there is
> > already a single point of failure that is fatally built into the system.
>
> In the authentication primer at:
>
> http://www.waterken.com/dev/YURL/Primer/
>
> there is a statement:
>
> "Authentication verifies the site you were actually introduced to,
> not the site you thought you were introduced to."
>
> Ed, do you agree or disagree with the quoted statement?
Authentication that reads thoughts .... sites that you are "actually"
introduced to (MITM, anyone?) ...
I believe you would want to edit that content before I comment it,
as well as the one I am quoted above.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
