[cryptography] Nirvana

Nico Williams nico at cryptonector.com
Thu Sep 22 18:33:57 EDT 2011


On Sun, Sep 18, 2011 at 11:22 AM, M.R. <makrober at gmail.com> wrote:
> On 18/09/11 10:31, Ian G wrote:
>>> On the other hand, a perfectly adequate low-level retail
>>> transaction security system can best be achieved by using a
>>> trusted-third-party, SSL-like system.
>>
>> That's a marketing claim. Best ignored in any scientific
>> discussion.
>
> Yes, I agree, let's ignore it!
>
> In your view then, is the alternative at all a public key based
> crypto system? If yes, is it SSH (or SSH-like) "trust on first
> contact" or something else?

It could vary.

For low-security applications, like blog comments, yes, leap-of-faith will do.

For a medium-security application, like shopping (where systems like
credit card fraud protection render the risk to the user low),
security bootstrapped from leap-of-faith + trust-building or trusted
third parties will probably do.

For high-security applications (like banking) you'll generally want to
bootstrap security via something else, either an off-line interaction,
or a trusted third party that can authenticate relatively few peers to
you (and thus is probably more trustworthy w.r.t. verification of your
peer's credentials).

Nico
--


