[EMAIL PROTECTED] wrote: > A YURL aware search engine may find multiple independent references to a > YURL, thus giving you parallel reporting channels, and increasing trust. > Of course, this method differs from the YURL method for trust. The > parallel channel method assigns a trust value to a site by querying the > YURL aware search engine.
That's an extraordinarily good idea! It reminds me of the technique for determining banks SWIFT codes. It seems that the banks often don't really know themselves, so if you do a google search on the bank name and the word 'SWIFT' you will find lots of merchants that already quote it on the net! Now, one thing that could be done against such a situation is to poison the search engine with false URLs in advance of some mailing. This is relatively easy, although, will result in a lot of trails which might give indicators to the perp, so I'd count that as an expensive technique, and thus, the utility of the URL searching still remains high. YURLs are meant to be cached by the browser, I found that somewhere in the documents but do not recall where. The same obviously goes for Simon Josefsson's crypto-URLs, as mentioned by Trevoer Perrin. This is the really neat part, in that when we start to think of server authentication as a volume & correlation problem - as expounded on by Mark Miller - rather than a one-supreme-quality problem, not only do we achieve sufficient security for most purposes, we do it with no more than the free net resources. And, it has the additional benefits of matching real life, and returning our Internet back to a "no permission needed" society. -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
