We're starting to tread into very philosophical territory. I'd argue that
users on the Silk Road (sellers especially) are, in fact, authenticated
over very informal separate secure channels.
One "secure channel" is that of the Silk Road website itself. By being on
the website, it lends some creden
Precisely. You have no way of knowing anything about the alleged identity
behind a key without having some form of interaction through a secure channel
(like real-world interaction).
On Jun 7, 2013, at 3:53 PM, Florian Weimer wrote:
> Practically speaking, this is true. Maybe I'm a bit naïve
On Fri, Jun 07, 2013 at 10:02:51AM +0300, ianG wrote:
> The big example here is of SSL. In v1 it was vulnerable to MITM,
> which was theoretically claimed to make it 'insecure'. In practice
> there was no evidence of a threat, and still little real evidence of
> that precise threat. Fixing the M
So basically, the way around having one insecure channel is to use so many
insecure channels that the same attacker can't control them all. Which IRL
means you run around between computers and check if what you published is
available under the exact identity/keys you specified, and keep making up
n