"Mark S. Miller" wrote: > At 08:48 AM 7/16/2003 Wednesday, Ed Gerck wrote: > >IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the > >problem. > > In order for the Carol that Alice introduces Bob to to be inauthentic, there > must be some prior notion of *who* Alice was supposed to introduce Bob to.
No. Alice may simply always introduce Bob to a fraudster, independently of *who* Bob wants to talk to. BTW, IMO this thread has suffered the constant, excessive use of sweeping statements and arguments. The way I see it, until the statement that "Authentication of the target site MUST ONLY rely on information contained in the YURL" is revisited, there is nothing much to discuss since there is already a single point of failure that is fatally built into the system. Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
