On Thu, Sep 16, 2004 at 06:12:48PM +0100, Ian Grigg wrote:
| Adam Shostack wrote:
| >Given our failure to deploy PKC in any meaningful way*, I think that
| >systems like Voltage, and the new PGP Universal are great.
| 
| I think the consensus from debate back last year on
| this group when Voltage first surfaced was that it
| didn't do anything that couldn't be done with PGP,
| and added more risks to boot.  So, yet another biz
| idea with some hand wavey crypto, which is great if
| it works, but it's not necessarily security.

Sure, I like the system even if it breaks, because it focuses on ease
of use.  I didn't say I thought it secure.

| >* I don't see Verisign's web server tax as meaningful; they accept no
| >liability, and numerous companies foist you off to unrelted domains.
| >We could get roughly the same security level from fully opportunistic
| >or memory-oportunistic models.
| 
| Yes, or worse;  it turns out that Verisign may very
| well be the threat as well as the solution.  As I
| wrote here:
| 
| http://www.financialcryptography.com/mt/archives/000206.html
| 
| Verisign are in the eavesdropping business, which
| not only calls into doubt their own certs, but also
| all other CAs, and the notion of a trusted third
| party as a workable concept.

Yes.

Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to