Announcing httpsy://, a YURL scheme
Ben Laurie
ben at algroup.co.uk
Tue Jul 15 06:52:00 EDT 2003
Ed Gerck wrote:
>>From your URLs:
>
> "The browser verifies that the fingerprint in the URL matches the public key provided by the visited site. Certificates and Certificate Authorities are unnecessary. "
>
> Spoofing? Man-in-the-middle? Revocation?
>
> Also, in general, we find that one reference is not enough to induce trust. Self-references
> cannot induce trust, either (Trust me!). Thus, it is misleading to let the introducer
> determine the message target, in what you call the "y-property". Spoofing and
> MITM become quite easy to do if you trust an introducer to tell you where to go.
What is a CA other than an introducer?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list