glad those days are over.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
On Fri, 24 Nov 2000, John Kelsey wrote:
At 04:47 PM 11/22/00 -0800, Bram Cohen wrote:
Once again, the solution to the problems of offline
operation appears to be online operation.
And the annoying thing about this is that once we go to
needing an online trusted third party to allow us
for an offline world.
Yes, it seems fairly well established that revocations just plain don't
work.
Once again, the solution to the problems of offline operation appears to
be online operation.
-Bram Cohen
? (Otherwise, SSL would not even come
into the picture.)
No, the attacker interferes with the very first connect to www.amazon.com,
probably at the DNS level, and that's almost always done plaintext.
-Bram Cohen
.
-Bram Cohen
On Mon, 20 Nov 2000, Arnold G. Reinhold wrote:
Perry's last sentence gets to the heart of the matter. If CAs
included a financial guarantee of whatever it is they are asserting
when they issue a certificate, then all these problems would go away.
They aren't going to.
-Bram Cohen
On Sat, 18 Nov 2000, Ben Laurie wrote:
Bram Cohen wrote:
And if you build a protocol which is a pain to use, noone will use it.
What, like SSL, for example?
SSL is not a pain to use, and it isn't effective against man in the middle
attacks, since an attacker could simply make the end
to amazon.hackeddomain.com, and then
proxy to amazon.com - now even SSL says the connection is safe.
-Bram Cohen
On Sat, 18 Nov 2000, Ben Laurie wrote:
Bram Cohen wrote:
Unless that problem is fixed, man in the middle is hardly made more
difficult - for example, Mallory could break into some random machine on
the net and steal it's public key, then hijack local DNS and when someone
goes
-invasiveness. Alternatives are
identified.
In the vast majority of cases, preventing man in the middle attacks is a
waste of time.
-Bram Cohen
On Thu, 16 Nov 2000 [EMAIL PROTECTED] wrote:
Bram Cohen writes:
In the vast majority of cases, preventing man in the middle attacks is a
waste of time.
In the sense that, in the vast majority of communications, there is no
man in the middle attack being mounted?
Yes.
Couldn't
on that something is true".
Of course, the idea that you could 'prevent the denial of an act' is
completely wrong. The explanation "All this fancy-schmancy crypto stuff is
bullshit" is pretty much universally applicable.
-Bram Cohen
actually forced to show up in court.
NIST threatening a big scary anti-trust lawsuit against anyone who tries
to pull something with the AES is quite laudable and more than I'd have
expected them to do.
-Bram Cohen
13 matches
Mail list logo
