Maybe It's Snake Oil All the Way Down
James A. Donald
jamesd at echeque.com
Fri Jun 6 16:24:44 PDT 2003
--
On 4 Jun 2003 at 20:58, Anne & Lynn Wheeler wrote:
> it is relatively trivial to demonstrate that public keys can
> be registered in every business process that currently
> registers shared-secrets (pins, passwords, radius, kerberos,
> etc, etc)

I don't think so.

Suppose e-gold, to prevent this sea of spam trying to get
people to login to fake e-gold sites, wanted people to use
public keys instead of shared secrets, making your secret key
the instrument that controls the account instead of your shared
password.

They could not do this using the standard IE web browser. They
would have to get users to download a custom client, or at
least, like hushmail, a custom control inside IE.

HTTPS assumes that the certificate shall be blessed by the
administrator out of band, and has no mechanism for using a
private key to establish that a user is simply the same user as
last time.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
q1a1Whb1YeRws7qoDm6h15qfDstFHciUyP2I4fte
42lCFXf0IqXfh5Mz2mFtznxv6N40EuqpKvQJhLBgS
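
Added example, not part of the original post and not e-gold or browser code: a sketch of the login exchange the thread is arguing about, where the server registers a public key in place of a shared password and the client signs a one-time challenge together with the origin it is connected to. All class, function and origin names are hypothetical, and Ed25519 from Node's built-in `crypto` module is an assumed choice of signature scheme.

```javascript
// Added illustration; every name here is hypothetical.
const crypto = require('node:crypto');

// Bytes covered by the signature: length-prefixed origin, then the nonce.
function signedBytes(origin, nonce) {
  const o = Buffer.from(origin, 'utf8');
  const len = Buffer.alloc(2);
  len.writeUInt16BE(o.length);
  return Buffer.concat([len, o, nonce]);
}

// Server side: stores a public key per account where a password hash would be.
class Server {
  constructor(origin) {
    this.origin = origin;
    this.keys = new Map();     // account -> registered public key
    this.pending = new Map();  // account -> outstanding one-time challenge
  }
  register(account, publicKey) { this.keys.set(account, publicKey); }
  challenge(account) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(account, nonce);
    return nonce;
  }
  login(account, signature) {
    const nonce = this.pending.get(account);
    const key = this.keys.get(account);
    this.pending.delete(account);            // a challenge is usable once
    if (!nonce || !key) return false;
    // Verify against the server's own origin, not one the client claims.
    return crypto.verify(null, signedBytes(this.origin, nonce), key, signature);
  }
}

// Client side: the private key stays here; it signs the origin it is connected to.
function clientSign(privateKey, connectedOrigin, nonce) {
  return crypto.sign(null, signedBytes(connectedOrigin, nonce), privateKey);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const real = new Server('https://bank.example');  // constructed origin
  real.register('alice', publicKey);
  const sig = clientSign(privateKey, real.origin, real.challenge('alice'));
  const genuine = real.login('alice', sig);
  real.challenge('alice');                           // fresh challenge issued
  const replayed = real.login('alice', sig);         // old signature presented again
  const n = real.challenge('alice');                 // challenge relayed via a look-alike site
  const relayed = real.login('alice', clientSign(privateKey, 'https://bank-login.example', n));
  return { genuine, replayed, relayed };
}
```

Unlike a password typed into a look-alike page, nothing the client sends here can be presented to the real server later: the old signature does not match a fresh challenge, and a signature made over the wrong origin does not verify.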