I am not familiar enough with the protocol to answer this question:
is it possible for an evil SSL server to send packets such that it
ends up with an arbitrary signature from a client? I'm trying to
emphasize the importange of keyUsage bits. :)
Thanks.
--- begin forwarded text
From: [EMAIL PROTECTED]
Date: Tue, 17 Oct 2000 13:06:30 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: NSA wants it all
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
http://foxnews.com/vtech/101700/nsa_fox.sml [snipped]
#
#War of the Web
#NSA prepares the
--- begin forwarded text
Date: Tue, 17 Oct 2000 14:13:15 -0400
To: [EMAIL PROTECTED]
From: John Young [EMAIL PROTECTED]
Subject: NSA Releases Reorg Reports
Sender: [EMAIL PROTECTED]
Reply-To: John Young [EMAIL PROTECTED]
NSA released today on its Web site two reports on
its reorganization,
http://ap.tbo.com/ap/breaking/MGA5JU6YFEC.html
Oct 17, 2000 - 03:02 PM
LONDON (AP) - The mystery of the Enigma continues.
After disappearing from a museum on April Fool's Day, a World War
II-era encryption machine turned up Tuesday - in the mailroom of the
British Broadcasting Corp.
The
--- begin forwarded text
To: [EMAIL PROTECTED]
From: Jim McCoy [EMAIL PROTECTED]
Subject: [Mojonation-devel] New mojonation-ports list
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
List-Id: For developers hacking Mojo Nation code
mojonation-devel.lists.sourceforge.net
Date: Tue, 17 Oct
Other choices?
Identity Theft
Identity Pollution
Identity Vandalism
Identity Assault
Identity Misappropriation
(Slander in the First Person :)
Would it matter if we substitute "reputation" for "identity". Is my
identity
(to others) any different than
The bibliography of an NSA reorganization report
released today lists several entries under "Unified
Cryptologic Architecture" as well as a "U.S. Cryptologic
Strategy - Preparing for the 21st Century."
There is also a citation of "SINEWS - GCHQ Modernization
and Change Program."
We would
Tony,
Your examples were so bad!
;-) of course, I meant "good" as in that new IBM commercial where the IBM guy says that
the IBM laptop is "bad" ;-)
I appreciate your comments and, yes, very often society uses contrary words to
mean another thing.
But if we step aside a bit from the
I am not familiar enough with the protocol to answer this question:
is it possible for an evil SSL server to send packets such that it
ends up with an arbitrary signature from a client? I'm trying to
emphasize the importange of keyUsage bits. :)
This is not possible without unreasonable
On Tue, Oct 17, 2000 at 12:02:35PM -0400, [EMAIL PROTECTED] wrote:
I am not familiar enough with the protocol to answer this question:
is it possible for an evil SSL server to send packets such that it
ends up with an arbitrary signature from a client? I'm trying to
emphasize the importange
The only time the client signs something is when the
server requests client auth. In TLS, the client signs MD5 and/or SHA1
hashes of the TLS handshake messages that have passed between
the client and server at that point in the protocol.
In SSLv3, it signs an MD5 and/or SHA1 HMAC-like
11 matches
Mail list logo