To: Keith Moore <moore@cs.utk.edu>
Cc: Steve Hanna <steve.hanna@sun.com>, Simon Josefsson <simon+keydist@josefsson.org>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 14 Jan 2002 18:58:16 -0500
In-Reply-To: <200201142355.g0ENtji00892@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject: Re: looking for draft volunteers

Yea, but even if there is a framework with multiple levels of trust, a
company that implements only "casual" trust can still claim to be
"secure". Heck, companies claim to be secure when they use rot13. I
don't think you can stop that from happening.

-derek

Keith Moore <moore@cs.utk.edu> writes:

> > My point is that I think it's ok if we only solve
> > the casual use problem.
>
> I think if we only solve the casual use problem, without defining
> more trustworthy mechanisms, then marketers will tell customers
> that the products that use these mechanisms are "secure", or
> "trustworthy" when they're really only epsilon more trustworthy
> than what we have now.
>
> OTOH, if we design a framework that allows multiple degrees of
> trust, and multiple paths for establishing trust, the same products
> that provide a casual level of security for things authenticated
> solely by DNS, can also provide a higher level of security for
> things authenticated by more trustworthy means.
>
> Keith

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available