Announcing Droplets
Ben Laurie
ben@algroup.co.uk
Thu, 30 Sep 1999 13:07:25 +0100
"Mark S. Miller" wrote:
>
> At 07:42 PM 9/28/99 , Tyler Close wrote:
> >I think I am understanding something here that I didn't
> >before. Are you suggesting that inter-Cistern communication
> >is not possible? If so, then I need to disagree.
> >...
> >To make an analogy to the E case, the web site name is the
> >VatID. Using the existing PKI, we can validate the
> >encryption key given by the site. Granted, using the
> >existing PKI sucks compared to E's VatID, but on the other
> >hand, the existing PKI exists.
>
> You are correct that I was indeed misunderstanding the logic of your URLs
> in this way. I was (and am) taking the swiss number seriously, as
> providing the equivalent of the E's swiss numbers. However, I was not
> taking the HTTPS URL authentication seriously. Turns out, I don't know
> what the browser is supposed to be doing here.
>
> When you feed an HTTPS compliant browser a URL such as
>
> https://www.fudco.com/blah.html
>
> I know that it establishes an SSL link. I know that it I then click on the
> key-or-lock-or-whatever icon (or otherwise request security info for the
> current page) I find the server's authenticated identity according to
> conventional CA-hierarchy notions, rooted in identities my browser is
> configured to trust as a naming root. However, ignoring the requestable
> security info, what authentication does the browser do of the URL
> itself? If a conforming browser (or url-fetching library, for that matter)
> successfully dereferences that URL, in what sense can we say we know we are
> getting data from the real fudco.com?
What do you mean "ignoring the requestable security info"? If you ignore
that, you aren't doing SSL. You know you are getting data from fudco.com
because they have a certificate that says so.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi