[EMAIL PROTECTED] wrote:
A YURL aware search engine may find multiple independent references to a
YURL, thus giving you parallel reporting channels, and increasing trust.
Of course, this method differs from the YURL method for trust. The
parallel channel method assigns a trust value to a site
Ed Gerck wrote:
IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
problem.
Cryptography can't prevent Alice from telling lies about the web page that she
showing to Bob. But it can prevent that Bob sees a page different than the
one that Alice meant for
Ian Grigg [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
1) The YURL makes key management and replacement effectively
impossible.
Well, I would have said it suggests a different
method.
Instead of regimented, hierarchical and fixed
key management - an idea of poor track
At 11:26 AM 7/16/2003 -0400, Perry E. Metzger wrote:
Ian Grigg [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] wrote:
A YURL aware search engine may find multiple independent references to a
YURL, thus giving you parallel reporting channels, and increasing trust.
Of course, this method
On Wed, 16 Jul 2003 [EMAIL PROTECTED] wrote:
A YURL aware search engine may find multiple independent references to a
YURL, thus giving you parallel reporting channels, and increasing trust.
But any single search engine is itself a single reference, regardless
of how many times and contexts it
Mark S. Miller wrote:
At 08:48 AM 7/16/2003 Wednesday, Ed Gerck wrote:
IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
problem.
In order for the Carol that Alice introduces Bob to to be inauthentic, there
must be some prior notion of *who* Alice was
On Wednesday 16 July 2003 11:26, Perry E. Metzger wrote:
It seems to me to be more a bad idea, fully realized.
Perry, throughout this thread, you have made a number of factually
incorrect statements about YURL. Never have you provided an
argument to backup any of these statements. I know that
Ed Gerck wrote:
From your URLs:
The browser verifies that the fingerprint in the URL matches the public key
provided by the visited site. Certificates and Certificate Authorities are
unnecessary.
Spoofing? Man-in-the-middle? Revocation?
Also, in general, we find that one reference
Tyler should probably reference SFS on his HTTPSY pages. Here's a good paper
focussed specifically on this issue.
http://citeseer.nj.nec.com/mazieres99separating.html
Although I haven't looked closely at HTTPSY yet, I'm pretty sure that it
simply applies to the Web the same notion that SFS
Zooko [EMAIL PROTECTED] writes:
Although I haven't looked closely at HTTPSY yet, I'm pretty sure that it
simply applies to the Web the same notion that SFS applies to remote
filesystems.
It is an excellent idea.
SFS makes it practically impossible to do key updates, and the trust
model
Ben Laurie wrote:
Ed Gerck wrote:
Also, in general, we find that one reference is not enough to induce trust.
Self-references
cannot induce trust, either (Trust me!). Thus, it is misleading to let the
introducer
determine the message target, in what you call the y-property. Spoofing
Tyler Close [EMAIL PROTECTED] writes:
I have demonstrated the theory behind YURLs by providing an
implementation, the Waterken Browser, and by explaining how two
other widely used systems implement the theory.
Having an implementation demonstrates nothing whatsoever about
security -- many
12 matches
Mail list logo