The recent conversation on SSL where Eric Rescorla was lampooned for
saying (in effect) "I've tried it on several occasions and it seemed to
work, therefore it must be trustworthy" to which he responded "actually,
that's a pretty reasonable way of assessing safety in systems where
there's no attacker specifically targeting you" prompted me to ask this
... if a system claims to give you anonymity, how do you (as a user)
assess that claim? I find it hard to imagine how you can even know
whether it "seems to work", let alone has some subtle problem.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
