Firewall Wizards mailing list archives
Privacy (Was Re: Rant (Was Re: ...FTP...))
From: John McDermott <jjm () jkintl com>
Date: Tue, 20 Apr 99 10:03:04
--- On Mon, 19 Apr 1999 07:45:49 -0700 David LeBlanc <dleblanc () mindspring com> wrote:
I also think we're going to lose much of the anonymity we currently have
as
we move forward. As with most things, this will be both good and bad. I'll leave that argument to another thread.
OK, I'll bite. I agree with you to a limited extent, but don't protocols such as the initial Diffie-Helman (which provided key establishment, really, without authentication) provide a sort of anonymity? Sure, with anonymity one is subject to MITM attacks, etc., but it can be done. There are schemes being developed (although I know personally of no widespread deployment) for anonymous purchasing transactions. My question is: is there a benefit to deploying a system where we can provide anonymity, but still authenticate? That is, can I send a message to a list, for example, as "Joe Blow", which is not my real name :-), but still provide, say, a certificate in the name of Joe which assures the readers that I am Mr. Blow? Is there a benefit in that (or in other anonymity for that matter)? I can do this now by getting a certificate from Thawte in any name I want to. Presumably I can do that from other CA's too. Maybe we can even create a special CA for "certificates of anonymity". This would allow the secure transfer of files (as mentioned in the message which started this thread) and allow the provider of the file to contact the anonymous "accesser" securely, without ever revealing anyone's identity. The question as I see it is, "what good is the anonymity?" If we can answer that, we can possibly provide the system and reap the benefits. Maybe this should move to phil-sec? --john ------------------------------------- Name: John McDermott VOICE: +1 505/377-6293 FAX +1 505/377-6313 E-mail: John McDermott <jjm () jkintl com> Writer and Computer Consultant -------------------------------------
Current thread:
- Privacy (Was Re: Rant (Was Re: ...FTP...)) John McDermott (Apr 21)
- Re: Privacy (Was Re: Rant (Was Re: ...FTP...)) Adam Shostack (Apr 22)
- <Possible follow-ups>
- Re: Privacy (Was Re: Rant (Was Re: ...FTP...)) John McDermott (Apr 22)
- Re: Privacy (Was Re: Rant (Was Re: ...FTP...)) Ryan Russell (Apr 22)