exercise? Some
quirk of supporting certain types of hardware like nCipher boxes that do async
crypto/scatter-gather?
I've had to do this on environments where threads weren't a viable
option. See, for instance, my paper from USENIX Security 2002.
-Ekr
--
[Eric Rescorla
for
a user cert?
This isn't really true in the SSL case:
To a first order, everyone ignores any extensions (except sometimes
the constraints) and uses the CN for the DNS name of the server.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]
http
James A. Donald [EMAIL PROTECTED] writes:
--
James A. Donald
Or to say the same thing in different words -- why can't
HTTPS be more like SSH?Why are we seeing a snow storm
of scam mails trying to get us to login to e-g0ld.com?
Eric Rescorla
Because HTTPS is designed to let
storm of scam
mails trying to get us to login to e-g0ld.com?
Because HTTPS is designed to let you talk to people you've
never talked before, which is an inherently harder problem
than allowing you to talk to people you have.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED
James A. Donald [EMAIL PROTECTED] writes:
Eric Rescorla
Nonsense. One can simply cache the certificate, exactly as
one does with SSH. In fact, Mozilla at least does exactly
this if you tell it to. The reason that this is uncommon is
because the environments where HTTPS is used
Ian Grigg [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
True, although, that begs the question as
to how they learn. Only by doing, I'd say.
I think one learns a lot more from making
mistakes and building ones own attempt than
following the words of wise.
One learns by *practicing
for PKCS-1) but it's a long process. However, I don't
think it's helpful to design a new system that doesn't have any
obvious advantages over one of the standard systems.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]
http://www.rtfm.com/
turn a sou or two. And you can
bet the buyer wouldn't be doing any posting. With apologies
to Bon Ami, Hasn't cracked yet is not a compelling security
story.
It's vastly better than just designed last week by someone
who has no relevant experience
-Ekr
--
[Eric Rescorla