Announcing Droplets

Wed, 29 Sep 1999 18:06:48 -0700

Another possible problem droplets may have, depending on how the https handshake works.  Let's say the authentication of fudco.com is fine, for some some adequate meaning of fine, when you dereference 

     https://www.fudco.com/blah.html

The question: Might the handshake reveal the full URL to an outside observer, or to an alleged fudco that fails to authenticate?  If so, then in your scheme a thief can steal the swiss number.

At 05:05 PM 9/28/99 , Tyler Close wrote:
>So, if I had a com.waterken.sea.currency.Currency purse
>containing the rights to some e-gold, could I not
>anonymously transfer those into someone else's purse, using
>only the cap for the other purse.
>
>I don't know who else has the cap for that purse. The
>receiver doesn't know who added to their purse. Is this not
>double blind?

"blind" in this context should refer to specifically to Chaumian-style blinding, or at least to a system providing a logically equivalent form of unlinkability.  My favorite explanation is http://www.best.com/~szabo/bearer_contracts.html  Blinding / unlinkability is a stronger form of anonymity than anything which E currently provides, or even E on top of Freedom.  I suggest you issue a correction on any other list on which you may have sent the original announcement.

         Cheers,
         --MarkM