From: “Jeff Weinstein” <jsw@netscape.com>
To: David_A Wagner <daw@cs.berkeley.edu>
Message Hash: e367b7523042759a5c88e40cf7732c32b41f46423abdc213b04ac3f69e451b27
Message ID: <9509201745.ZM206@tofuhut>
Reply To: <199509210016.RAA20367@guaymas.CS.Berkeley.EDU>
UTC Datetime: 1995-09-21 00:49:02 UTC
Raw Date: Wed, 20 Sep 95 17:49:02 PDT
From: "Jeff Weinstein" <jsw@netscape.com>
Date: Wed, 20 Sep 95 17:49:02 PDT
To: David_A Wagner <daw@cs.berkeley.edu>
Subject: Re: netscape's response
In-Reply-To: <199509210016.RAA20367@guaymas.CS.Berkeley.EDU>
Message-ID: <9509201745.ZM206@tofuhut>
MIME-Version: 1.0
Content-Type: text/plain
On Sep 20, 5:16pm, David_A Wagner wrote:
> Subject: Re: netscape's response
> In article <9509200139.ZM206@tofuhut> you write:
> > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > One wild idea that I just got was to have servers and clients exchange
> > > random numbers (not seeds of course), in a kind of chaining way. Since
> > > most viewers connect to a number of servers, and all servers are
> > > connected to by many clients, they would mix "randomness sources" with
> > > each other, making it impossible to observe the local environment
> > > only. And the random values would of course be encrypted under the
> > > session key, making it impossible to "watch the wire".
> >
> > Wow, this is a great idea!!
>
> Are you quite sure this is a good idea?
>
> I'd be very scared of it. In particular, it opens up the chance for
> adversaries to feed you specially chosen numbers to pollute your seeds.
What I should have said is that its a very interesting idea. Given
current perceptions of netscape, I should have made clear that I
wouldn't do something like this without getting a lot more discussion
and review of possible dangers and how to avoid them. I certainly
can't fault anyone for wondering if we would just implement this
without thinking it through, given recent events.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to September 1995
Return to ““Jeff Weinstein” <jsw@netscape.com>”
Unknown thread root