[15770] in cryptography@c2.net mail archive
Verifying Anonymity
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Jul 16 12:37:10 2004
X-Original-To: cryptography@metzdowd.com
Date: Fri, 16 Jul 2004 10:38:44 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: cryptography@metzdowd.com
The recent conversation on SSL where Eric Rescorla was lampooned for 
saying (in effect) "I've tried it on several occasions and it seemed to 
work, therefore it must be trustworthy" to which he responded "actually, 
that's a pretty reasonable way of assessing safety in systems where 
there's no attacker specifically targeting you" prompted me to ask this 
... if a system claims to give you anonymity, how do you (as a user) 
assess that claim? I find it hard to imagine how you can even know 
whether it "seems to work", let alone has some subtle problem.
Cheers,
Ben.
-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff