[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: netscape's response
NOTE: my first attempt to send this bounced at toad.com
On Sep 20, 5:16pm, David_A Wagner wrote:
> Subject: Re: netscape's response
> In article <9509200139.ZM206@tofuhut> you write:
> > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > One wild idea that I just got was to have servers and clients exchange
> > > random numbers (not seeds of course), in a kind of chaining way. Since
> > > most viewers connect to a number of servers, and all servers are
> > > connected to by many clients, they would mix "randomness sources" with
> > > each other, making it impossible to observe the local environment
> > > only. And the random values would of course be encrypted under the
> > > session key, making it impossible to "watch the wire".
> >
> > Wow, this is a great idea!!
>
> Are you quite sure this is a good idea?
>
> I'd be very scared of it. In particular, it opens up the chance for
> adversaries to feed you specially chosen numbers to pollute your seeds.
What I should have said is that its a very interesting idea. Given
current perceptions of netscape, I should have made clear that I
wouldn't do something like this without getting a lot more discussion
and review of possible dangers and how to avoid them. I certainly
can't fault anyone for wondering if we would just implement this
without thinking it through, given recent events.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.