[15773] in cryptography@c2.net mail archive
Re: Verifying Anonymity
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Fri Jul 16 13:08:27 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Ben Laurie <ben@algroup.co.uk>
Cc: cryptography@metzdowd.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 16 Jul 2004 09:49:40 -0700
In-Reply-To: <40F7A224.2090602@algroup.co.uk> (Ben Laurie's message of "Fri,
16 Jul 2004 10:38:44 +0100")
Ben Laurie <ben@algroup.co.uk> writes:
> The recent conversation on SSL where Eric Rescorla was lampooned for
> saying (in effect) "I've tried it on several occasions and it seemed
> to work, therefore it must be trustworthy" to which he responded
> "actually, that's a pretty reasonable way of assessing safety in
> systems where there's no attacker specifically targeting you" prompted
> me to ask this ... if a system claims to give you anonymity, how do
> you (as a user) assess that claim? I find it hard to imagine how you
> can even know whether it "seems to work", let alone has some subtle
> problem.
That's clearly a much harder problem--and indeed I suspect it's behind
the general lack of interest that the public has shown in anonymous
systems.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
