Verifying Anonymity

[Eric Rescorla]

Ben Laurie <ben at algroup.co.uk> writes:
> The recent conversation on SSL where Eric Rescorla was lampooned for
> saying (in effect) "I've tried it on several occasions and it seemed
> to work, therefore it must be trustworthy" to which he responded
> "actually, that's a pretty reasonable way of assessing safety in
> systems where there's no attacker specifically targeting you" prompted
> me to ask this ... if a system claims to give you anonymity, how do
> you (as a user) assess that claim? I find it hard to imagine how you
> can even know whether it "seems to work", let alone has some subtle
> problem.

That's clearly a much harder problem--and indeed I suspect it's behind
the general lack of interest that the public has shown in anonymous
systems.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com