[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netscape's response



On Sep 20,  5:16pm, David_A Wagner wrote:
> Subject: Re: netscape's response
> In article <9509200139.ZM206@tofuhut> you write:
> > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > One wild idea that I just got was to have servers and clients exchange
> > > random numbers (not seeds of course), in a kind of chaining way. Since
> > > most viewers connect to a number of servers, and all servers are
> > > connected to by many clients, they would mix "randomness sources" with
> > > each other, making it impossible to observe the local environment
> > > only. And the random values would of course be encrypted under the
> > > session key, making it impossible to "watch the wire".
> > 
> >   Wow, this is a great idea!!
> 
> Are you quite sure this is a good idea?
> 
> I'd be very scared of it.  In particular, it opens up the chance for
> adversaries to feed you specially chosen numbers to pollute your seeds.

  What I should have said is that its a very interesting idea.  Given
current perceptions of netscape, I should have made clear that I
wouldn't do something like this without getting a lot more discussion
and review of possible dangers and how to avoid them.  I certainly
can't fault anyone for wondering if we would just implement this
without thinking it through, given recent events.

	--Jeff




-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.