Maybe It's Snake Oil All the Way Down

Jamie Lawrence jal at jal.org
Fri Jun 6 19:08:57 PDT 2003


On Fri, 06 Jun 2003, James A. Donald wrote:

> Suppose the e-gold, to prevent this sea of spam trying to get
> people to login to fake e-gold sites, wanted people to use
> public keys instead of shared secrets, making your secret key
> the instrument that controls the account instead of your shared
> password.

Why does e-gold have any interest in what people do on other sites?
 
> HTTPS assumes that the certificate shall be blessed by the
> administrator out of band, and has no mechanism for using a
> private key to establish that a user is simply the same user as
> last time. 

Yes. There's a virtue there. Knowing a secure channel exists is
frequently more important than who is on the other line. For example,
what's my favorite brand of lighter?


You live in Bob's cold, dark cave, where you hate life. Insert water
dripping and scabs until you're amused. You have the chance to contact,
and maybe move to, Alice's bright, warm cave. Sounds good to you. How to
authenticate the offer?

Replay various notions of various fiction writers, here.

The problem is interesting. Solved, but interesting. Very few folks have
reason to help you authenticate them. Deal.

Even if people don't understand what https (and ssl) do, they still
serve a purpose. Even if it isn't the one you wanted solved. And if
there were a problem worth solving, would it be unsolved?

I'll refrain from asking how many people use digsigs, and what that
solves. Only because that's rude.

None of this solves life for average banking customers, but I think
"this" is something that "they" are willing to ignore. Most people seem
to trust one another. What do you do?

-j

-- 
Jamie Lawrence                                        jal at jal.org
"The sign that points to Boston doesn't have to go there."
   - Max Scheler





More information about the cypherpunks-legacy mailing list