[mnet-devel] Re: [web-calculus] YURLs
Zooko
zooko at zooko.com
Sun Jul 20 21:13:35 BST 2003
[adding Cc: mnet-devel.]
Trevor Perrin wrote:
>
> On the other hand, if you follow a secure URL / YURL / cryptoURL / whatever
> link in a browser, and it fails to verify, you might only give the user a
> warning, but let him view the page anyways.
For what it's worth, in Mnet if a file doesn't match its hash, then the user
sees nothing but an error message. This is how it should be in my opinion.
If it matches its hash but the encryption key is wrong, then user sees random
garbage -- whatever the ciphertext decrypts to under the incorrect key.
Hm -- *that* isn't good. In a future version of Mnet, an incorrect key will
also yield nothing but an error message.
(I can't think of any scenarios in which the current behavior could be
exploited, but it still seems sub-optimal.)
Regards,
Zooko
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
mnet-devel mailing list
mnet-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel
More information about the Mnet-devel
mailing list