James A. Donald [EMAIL PROTECTED] writes:
But is what they are doing wrong?
The users? No, not really, in that given the extensive conditioning that
they've been subject to, they're doing the logical thing, which is not paying
any attention to certificates. That's why I've been taking the
Ian Grigg's blog has a neat tongue-in-cheek review of the year in security.
Here's a sample:
Browser manufacturers have moved slightly faster than your average glacier.
Microsoft moved forward by announcing that phishing was a browser problem
(Mozilla and KDE followed 8 months later), and
You know, as a security person, I say all the
time that the greatest threat is internal threat,
not external threat. In my day job, I/we make
surveillance tools to prevent data threat from
materializing, and to quench it if it does anyhow.
I tell clients all day every day that when the
opponent
David G. Koontz wrote:
Yet President Bush has publicly stated it requires a court order to
wiretap:
Secondly, there are such things as roving wiretaps. Now, by the way,
any time you hear the United States government talking about wiretap,
it requires -- a wiretap requires a court order.
Philipp Gühring [EMAIL PROTECTED] writes:
What is wrong with the following black-box test?
* Open browser
* Go to a dummy CA's website
* Let the browser generate a keypair through the keygen or cenroll.dll
* Import the generated certificate
* Backup the certificate together with
Hi Peter,
Easily solvable bureaucratic problems are much simpler than unsolvable
mathematical ones.
Perhaps there is some misunderstanding, but I am getting worried that the
common conception seems to be that it is an unsolvable problem.
What is wrong with the following black-box test?
| | But is what they are doing wrong?
| |
| | The users? No, not really, in that given the extensive conditioning that
| | they've been subject to, they're doing the logical thing, which is not paying
| | any attention to certificates. That's why I've been taking the (apparently
| | somewhat
Does anyone know of any 'standard' [*] ways of encrypting private keys in the
usual PKCS #8 format without using password-based encryption? It is obviously
not hard to do, as you can stick whatever you like into the encryptionAlgorithm
field, so it would be easy to specify a plain encryption
On 12/23/05, Peter Gutmann [EMAIL PROTECTED] wrote:
PKI in browsers has had 10
years to start working and has failed completely, how many more years are we
going to keep diligently polishing away before we start looking at alternative
approaches?
There have been several long threads over on
In message [EMAIL PROTECTED], Philipp Gühring writes:
Hi Peter,
Easily solvable bureaucratic problems are much simpler than unsolvable
mathematical ones.
Perhaps there is some misunderstanding, but I am getting worried that the
common conception seems to be that it is an
BTW, illustrating points made here, the cert is for
financialcryptography.com
but your link was to www.financialcryptography.com. So of course Firefox
generated a warning
Indeed and even if that gets fixed we still have
to contend with:
* the blog software can't handle the nature
[EMAIL PROTECTED] writes:
You know, as a security person, I say all the time that the greatest
threat is internal threat, not external threat. In my day job, I/we
make surveillance tools to prevent data threat from materializing, and
to quench it if it does anyhow. I tell clients all day
12 matches