On Tue, 23 Dec 2003, Seth David Schoen wrote:

>When attestation is used, it likely will be passed in a service like
>HTTP, but in a documented way (for example, using a protocol based on
>XML-RPC).  There isn't really any security benefit obtained by hiding
>the content of the attestation _from the party providing it_!

It's not the parties who are interested in security alone we're worried
about.  There is an advantage in profiling and market research, so I
expect anyone able to effectively subvert the protocols to attempt
to hide the content of remote attestataion.

                                Bear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to