Ben Laurie <[EMAIL PROTECTED]> writes: > The recent conversation on SSL where Eric Rescorla was lampooned for > saying (in effect) "I've tried it on several occasions and it seemed > to work, therefore it must be trustworthy" to which he responded > "actually, that's a pretty reasonable way of assessing safety in > systems where there's no attacker specifically targeting you" prompted > me to ask this ... if a system claims to give you anonymity, how do > you (as a user) assess that claim? I find it hard to imagine how you > can even know whether it "seems to work", let alone has some subtle > problem.
That's clearly a much harder problem--and indeed I suspect it's behind the general lack of interest that the public has shown in anonymous systems. -Ekr --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]