Tyler Close
Wed, 17 May 2000 08:48:10 -0400

> Actually the SLS is not in the TCB except for being able to deny service
> by not including sites that actually hold the Private key.

For authenticated protocols, the SLS is not in the TCB. For
unauthenticated protocols, the SLS is in the TCB.

> The SLS needs no proof that a particular site is the right one, it merely
> accesses the site with https, hashes the public key from the resulting
> cert, establishes an SSL session which provides ample evidence that that
> site holds the corresponding private key.

The SLS provides a service that is useful to HTTP sites as well (a
name you own, redundancy, better mirror utilization, faster response
time to changes in routing information, no DMV of the internet). Since
HTTP sites represent the vast majority of sites, I want to be sure
that they can play too. I imagine NNTP and others could benefit for
the same reasons.

Also, the SLS can be independent of and ignorant of particular
schemes. By providing up-front proof of the entry's validity, the SLS
need not know the logic of any scheme (i.e., the SLS doesn't have to
know how to do HTTPS/SSL). This has significant software engineering
advantages, if not security advantages.

> Perhaps a crude reputation system for the SLSes could cast aspersions on
> SLSes that cited sites that could not respond to the public key.

This will be particularly important for unauthenticated schemes.


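The TCB distinction drawn in this message, as an added example that is not part of the original e-mail: a client that can check each cited host against the key hash limits a lying SLS to denial of service, while a client using an unauthenticated scheme follows whatever the SLS cites. The SHA-256 naming, the host names, the function names and the lookup table standing in for the SSL handshake are all assumptions made for illustration.

```python
import hashlib

def name_for(public_key: bytes) -> str:
    # Assumption: a name is the SHA-256 hash of the site's public key.
    return hashlib.sha256(public_key).hexdigest()

# Constructed sample hosts: the key each host can prove it holds.
# In a real exchange that proof is the SSL handshake; here it is a lookup.
HOST_KEYS = {
    "origin.example": b"constructed-owner-key",
    "mirror.example": b"constructed-owner-key",
    "impostor.example": b"constructed-attacker-key",
}

def client_accepts(name, sls_answer, authenticated):
    """Hosts the client will fetch from, given what the SLS returned."""
    if not authenticated:
        # Plain HTTP: there is no key to check, so every cited host is used.
        return list(sls_answer)
    # HTTPS: keep only hosts whose proven key hashes to the requested name.
    return [h for h in sls_answer if name_for(HOST_KEYS[h]) == name]

def sls_is_trusted(name, lying_answer, authenticated):
    """True if a lying SLS can steer the client to a host without the key."""
    accepted = client_accepts(name, lying_answer, authenticated)
    return any(name_for(HOST_KEYS[h]) != name for h in accepted)

NAME = name_for(b"constructed-owner-key")
# A lying SLS: omits the real key holders and cites an impostor instead.
LYING_ANSWER = ["impostor.example"]

if __name__ == "__main__":
    for authenticated in (True, False):
        print("authenticated" if authenticated else "unauthenticated",
              "accepted:", client_accepts(NAME, LYING_ANSWER, authenticated),
              "SLS in TCB:", sls_is_trusted(NAME, LYING_ANSWER, authenticated))
```

In the authenticated case the lying answer yields an empty list, which is the denial of service the quoted text mentions.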