Is cryptography where security took the wrong branch?
Eric Rescorla
ekr at rtfm.com
Sun Sep 7 12:48:22 EDT 2003
Ian Grigg <iang at systemics.com> writes:
> But, it's now a decade down the path, and its well
> time to re-assess whether SSL/HTTPS, etc, is using
> the right models to benefit us. Or anybody, really.
To follow up on this line a little more, I don't see why you're so
hung up on SSL here. SSL is perfectly capable of supporting an
SSH-style "leap of faith" authentication model or an anonymous
model. In fact, this is pretty much exactly how it's
used for SMTP over TLS.
It seems to me that your issue is with the authentication
model enforced by browsers in the HTTPS context, not with
SSL proper.
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list