Ian Grigg <[EMAIL PROTECTED]> writes:
> But, it's now a decade down the path, and its well
> time to re-assess whether SSL/HTTPS, etc, is using
> the right models to benefit us.  Or anybody, really.

To follow up on this line a little more, I don't see why you're so
hung up on SSL here. SSL is perfectly capable of supporting an
SSH-style "leap of faith" authentication model or an anonymous
model. In fact, this is pretty much exactly how it's 
used for SMTP over TLS. 

It seems to me that your issue is with the authentication
model enforced by browsers in the HTTPS context, not with
SSL proper.


[Eric Rescorla                                   [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to