On 18/09/11 10:31, Ian G wrote:
On the other hand, a perfectly adequate low-level retail
transaction security system can best be achieved by using a
trusted-third-party, SSL-like system.
That's a marketing claim. Best ignored in any scientific
> discussion.
Yes, I agree, let's ignore it!
In your view then, is the alternative at all a public key based
crypto system? If yes, is it SSH (or SSH-like) "trust on first
contact" or something else?
~I~ have a dream: one nice morning, in a year or two, when we download
the new release of our favorite browser, it all of a sudden tells us
if the server we are connecting to employs SSL-nouveau (with a series
of trusted third parties, and who exactly they are) or SSH-nouveau
(trusting the continuation of server's public key in our possession).
In that brave new world, the server operator might even give the
client a choice: if there was a previous contact, it is SSH-nouveau,
otherwise it is SSL-nouveau. And the users who are about to order
a $34.95 book from Amazon just click through, and those that are
about to overthrow, by blood and iron, the oppressive, dictatorial
government of Greater Horribilia actually know what the hell is
going on, and act with prudence commensurate to their calling...
Absolute nirvana!
Mark R.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
