Ram0502 wrote:
There are two paradigms:
a) An identity exists as a meta-category, and someone or something
...
I don't think that the two you list are the only two options. To me
they read as the two sides of the binary assertions "we can depend on
perfection from this part of the system." ...
> When you soften (a) to require a high
probability of accuracy rather than perfection you end up with a
component you can build on.
"High probability" is good enough for manual transactions - such as the
credit cards in a store... But when a small level of uncertainty opens a
possibility for *huge* exploits, the confidence level better as high as
possible.
Presenting the site's key fingerprint to the user as a matter of course
seems more and more like something that can not be avoided.
CDR
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
