On Tue, Jul 03, 2001 at 08:29:49PM +0200, Oskar Sandberg wrote:
> > I think you misunderstand Oskar. He doesn't think that there should be
> > any publicly known trusted nodes, which rules out a trusted website,
> > and/or a friend who has widely distributed their node reference.
>
> No, you misunderstand me.
>
> I don't want the code to automatically poll or connect to any central
> element.
Obviously, but why not if the user is informed of the risk?
> How people go about it getting ahold of the reference is beyond
> our control. I agree with Tavin - it should be easy to cn'p in a
> reference, and we cannot stop users from going to a website or using
> email (which is also insecure).
Of course, the ease with which someone can select a seed node once they
have found it is beside the point, the debate is:
Firstly, you assume it isn't possible to create an automatic mechanism
through which people can aquire nodes which can't be circumvented by Dr
Evil - I don't think this is nescessarily true.
Secondly, you don't think that we should entrust users with the option
to take-advantage of such a mechanism, even if they are informed of the
risks, and even though the inevitable result will be that most users
will resort to some public mechanism over which we have no control.
Let's stick to the core issues.
Ian.
PGP signature
