On Sun, Sep 18, 2011 at 11:22 AM, M.R. <makro...@gmail.com> wrote:
> On 18/09/11 10:31, Ian G wrote:
>>> On the other hand, a perfectly adequate low-level retail
>>> transaction security system can best be achieved by using a
>>> trusted-third-party, SSL-like system.
>>
>> That's a marketing claim. Best ignored in any scientific
>> discussion.
>
> Yes, I agree, let's ignore it!
>
> In your view then, is the alternative at all a public key based
> crypto system? If yes, is it SSH (or SSH-like) "trust on first
> contact" or something else?

It could vary. For low-security applications, like blog comments, yes, leap-of-faith will do. For a medium-security application, like shopping (where systems like credit card fraud protection render the risk to the user low), security bootstrapped from leap-of-faith + trust-building or trusted third parties will probably do. For high-security applications (like banking) you'll generally want to bootstrap security via something else, either an off-line interaction, or a trusted third party that can authenticate relatively few peers to you (and thus is probably more trustworthy w.r.t. verification of your peer's credentials).

Nico
--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography