Announcing httpsy://, a YURL scheme
Ed Gerck
egerck at nma.com
Wed Jul 16 13:58:51 EDT 2003
"Mark S. Miller" wrote:
> At 08:48 AM 7/16/2003 Wednesday, Ed Gerck wrote:
> >IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
> >problem.
>
> In order for the Carol that Alice introduces Bob to to be inauthentic, there
> must be some prior notion of *who* Alice was supposed to introduce Bob to.
No. Alice may simply always introduce Bob to a fraudster, independently of *who*
Bob wants to talk to.
BTW, IMO this thread has suffered the constant, excessive use of sweeping statements
and arguments. The way I see it, until the statement that "Authentication of the target site
MUST ONLY rely on information contained in the YURL" is revisited, there is nothing
much to discuss since there is already a single point of failure that is fatally built into the
system.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list