[10159] in cryptography@c2.net mail archive
Authenticating logos
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Wed Jan 16 13:22:41 2002
From: "Amir Herzberg" <amir@beesites.co.il>
To: <cryptography@wasabisystems.com>,
"'SPKI Mailing List'" <spki@wasabisystems.com>
Date: Wed, 16 Jan 2002 17:38:29 +0200
Message-ID: <000501c19ea3$d94c5200$323cfea9@newgenpay>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <kjofjwmr9z.fsf@romeo.rtfm.com>
Eric said,
> I didn't say that it wasn't possible to secure logos. I said that
> you couldn't protect people who trusted logos that were transmitted
> to them in Web pages. This is not the same thing. The point is
> that such logos are transmitted in-band and are part of the web
> page. Therefore, they are not cryptographically verified.
It is a pity that logos are not authenticated by SSL and displayed in a
separate window. We've done an experimental implementation of a
secure-logo, as a special frame in the browser, controlled by a (local
or remote but in any case trusted) proxy. The proxy validates that the
server has a certificate for the logo; standard SSL certificates may not
provide this, but they can contain an address where the proxy can go get
the necessary additional certificates.
If anybody is interested in taking this project further, I'll be happy
to help.
Best,
Amir Herzberg
See http://amir.beesites.co.il for link to lectures and draft-chapters
on `secure communication and commerce using cryptography`; feedback
welcome!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
