1994-12-02 - Re: Authentication at toad.com: WTF?

Header Data

From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 1caa442d9aa5dd4bb4403e7d4d7dd1df3167a6099126c6e3b07b38e6c7ea6e14
Message ID: <199412021621.IAA15589@largo.remailer.net>
Reply To: <9412010625.AA17536@anchor.ho.att.com>
UTC Datetime: 1994-12-02 15:22:31 UTC
Raw Date: Fri, 2 Dec 94 07:22:31 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Fri, 2 Dec 94 07:22:31 PST
To: cypherpunks@toad.com
Subject: Re: Authentication at toad.com: WTF?
In-Reply-To: <9412010625.AA17536@anchor.ho.att.com>
Message-ID: <199412021621.IAA15589@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)

   Trusting someone else's verification
   is less than ideal security policy :-)

But likewise, preventing folks from letting someone else (their legal
agent) perform verification for them is a less than ideal political
policy.

There are going to be lots of good reasons (mostly of cost) to use
agency relationship for security.  It would be profitable to
characterize the threats and come up with some solutions rather than
to deny that these things will happen.

Eric





Thread