
Re: nym-0.2 released (fwd)



cyphrpunk:
> Each link in this chain has to trust all the
> others. ... any of these can destroy the security properties
> of the system.

Dude, we're not launching missiles here, it's just Wikipedia.

On 10/2/05, Jason Holt <jason@xxxxxxxxxxxx> wrote:
> The reason I have separate token and cert servers is that I want to end up
> with a client cert that can be used in unmodified browsers and servers.

First, how do you add client certificates in modern browsers? Oh,
actually I've just found it in Firefox, but what about
IE/Opera/whatever else? Can you do it easily?

The blinded signature is just a long bit string and it might well be
better from a user's point of view for them to 'login' by pasting the
base64 encoded blob into a box.

Just a thought (motivated in no small part by my dislike for all things x509ish)

> > privacy and is vulnerable to future exposure due to the lack of
> > forward secrecy.

The lack of forward secrecy is pretty fundamental in a reputation
based system. The more you turn up the forward secrecy, the less
effective any reputation system is going to be.

And I'm also going to say well done to Jason for actually coding
something. There do seem to be a lot of couch-geeks on or-talk - just
look at the S/N ratio on the recent Wikipedia threads. It might not
work, but it's *something*. No amount of talk is going to suddenly
become a solution.


AGL

--
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60