[14061] in cryptography@c2.net mail archive
Re: Is cryptography where security took the wrong branch?
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Sun Sep 7 14:21:33 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: crypto <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 07 Sep 2003 09:48:22 -0700
In-Reply-To: <3F5AD7CA.B8FEA80C@systemics.com>
Ian Grigg <iang@systemics.com> writes:
> But, it's now a decade down the path, and its well
> time to re-assess whether SSL/HTTPS, etc, is using
> the right models to benefit us. Or anybody, really.
To follow up on this line a little more, I don't see why you're so
hung up on SSL here. SSL is perfectly capable of supporting an
SSH-style "leap of faith" authentication model or an anonymous
model. In fact, this is pretty much exactly how it's
used for SMTP over TLS.
It seems to me that your issue is with the authentication
model enforced by browsers in the HTTPS context, not with
SSL proper.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
