Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-08 Thread Peter Saint-Andre
for voice, video, file transfer, etc. And such relays might just live on those little home devices that Perry is talking about, separate from the cloud. Peter -- Peter Saint-Andre https://stpeter.im/

Re: [Cryptography] Usage models (was Re: In the face of cooperative end-points, PFS doesn't help)

2013-09-08 Thread Peter Saint-Andre
with the usage pattern almost everyone has gotten used to. It cannot be done with the existing cloud model, though -- the user needs to own the box or we can't simultaneously maintain current protocols (and thus current clients) and current usage patterns. I very much agree. Peter -- Peter Saint

Re: [Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)

2013-09-06 Thread Peter Saint-Andre
and deployments? Thanks! Peter -- Peter Saint-Andre https://stpeter.im/

Re: [Cryptography] Keeping backups (was Re: Separating concerns

2013-08-31 Thread Peter Saint-Andre
idea of a network of friends (maybe it's because I've worked on Jabber for so long, but I like the idea of leveraging your buddy list for many interesting features, including data backup and mix networking). Peter -- Peter Saint-Andre https://stpeter.im

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Peter Saint-Andre
stuff is happening now (LinkedIn and the like). In a way the old-fashioned letter of introduction had a lot to recommend it. :-) Peter -- Peter Saint-Andre https://stpeter.im/ ___ The cryptography mailing list cryptography@metzdowd.com http

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Peter Saint-Andre
, but secure technologies for individuals. Peter -- Peter Saint-Andre https://stpeter.im/

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Peter Saint-Andre
-wouters-dane-otrfp/ Peter -- Peter Saint-Andre https://stpeter.im/

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-26 Thread Peter Saint-Andre
-- I'll post more soon. Peter -- Peter Saint-Andre https://stpeter.im/

Re: X.509 certificate overview + status

2009-03-03 Thread Peter Saint-Andre
/ The root CA is StartCom, which is accepted in Mozilla, OS X, and various other cert stores. I've noticed that these certs are becoming quite popular on the XMPP network (plus, they result in none of those cert warnings that scare off normal users). /plug Peter -- Peter Saint-Andre https

Re: security questions

2008-08-07 Thread Peter Saint-Andre
Stefan Kelm wrote: Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: Does Wells Fargo really use the term security question here? Yes it does. I'm a Wells Fargo customer and I had to set my security questions yesterday in order

security questions

2008-08-06 Thread Peter Saint-Andre
Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: *** What is name of the hospital in which your first child was born? What is your mother's birthday? (MMDD) What is the first name of your first roommate in college? What is the name

Re: security questions

2008-08-06 Thread Peter Saint-Andre
Chris Kuethe wrote: On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre [EMAIL PROTECTED] wrote: Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: *** ... *** It strikes me that the answers to many of these questions might be public

Re: Strength in Complexity?

2008-08-04 Thread Peter Saint-Andre
[EMAIL PROTECTED] wrote: With the caveat that I am reading mail in reverse order (i.e., panic-mode), I do have to say one thing and it isn't even to mount a stirring defense of Kerberos, which does not need defending anyhow... The design space for practical network security has always been:

Re: SSL certificates for SMTP

2007-05-24 Thread Peter Saint-Andre
established a dedicated Intermediate Certification Authority for issuing digital certificates to admins of XMPP servers: https://www.xmpp.net/ Peter -- Peter Saint-Andre XMPP Standards Foundation http://www.xmpp.org/xsf/people/stpeter.shtml smime.p7s Description: S/MIME Cryptographic

Re: Failure of PKI in messaging

2007-02-15 Thread Peter Saint-Andre
to come up with human interfaces to these systems that actually allow them to work effectively in the human world. So how do we abstract from or extend what (somewhat) works in the real world to something that might work in the online world? Peter -- Peter Saint-Andre XMPP Standards Foundation http

Re: SSL Cert Prices Notes

2006-08-10 Thread Peter Saint-Andre
FreeFreeFree Have you looked at StartCom? https://cert.startcom.org/ Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-20 Thread Peter Saint-Andre
Ian G wrote: Chris Palmer wrote: Peter Saint-Andre writes: http://www.saint-andre.com/blog/2006-02.html#2006-02-27T22:13 3. I see on your site you use and advertise for CACert. I hope CACert's signing cert(s) are never trusted by my browser, because then my browser would trust any cheap

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Peter Saint-Andre
+ SASL-EXTERNAL if you want true server-to-server authentication). So I'd say the abuse and identity problems are not as bad in IM (at least the IM technology I'm familiar with) as in email. But you'd hope that we've learned a thing or two since email was invented. ;-) Peter -- Peter Saint-Andre

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Peter Saint-Andre
Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Peter Saint-Andre
Victor Duchovni wrote: On Wed, Mar 08, 2006 at 12:53:16PM -0700, Peter Saint-Andre wrote: These are closed systems that compete with each other, once they become federated, they can no longer compete on end-to-end security, because that is a property of the interoperability framework

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-28 Thread Peter Saint-Andre
bear wrote: On Fri, 24 Feb 2006, Peter Saint-Andre wrote: Personally I doubt that anything other than a small percentage of email will ever be signed, let alone encrypted (heck, most people on this list don't even sign their mail). I don't think I've said anything here that I

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Peter Saint-Andre
in that (or any other) case if you've got a client-server architecture. Granted, e2e security is also desirable. Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Peter Saint-Andre
Alaric Dailey wrote: I am aware of Jabber's support for GPG/PGP, but did I miss their support for user certificates? I have seen no indication of such support, what client supports it? RFC 3923. But no clients support that yet to my knowledge. Peter

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Peter Saint-Andre
and it doesn't support perfect forward security etc. Another possible approach being discussed is here: http://www.jabber.org/jeps/jep-0116.html Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml

Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-26 Thread Peter Saint-Andre
Adam Back wrote: Well I think security in IM, as in all comms security, means security such that only my intended recipients can read the traffic. (aka e2e security). I don't think the fact that you personally don't care about the confidentiality of your IM messages should argue for not doing

Re: Another entry in the internet security hall of shame....

2005-08-25 Thread Peter Saint-Andre
by Microsoft. Personally, I find CAcert to be an interesting experiment in webs of trust. Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml

Re: Another entry in the internet security hall of shame....

2005-08-24 Thread Peter Saint-Andre
(or if you've connected via SSL on the old-style port 5223). Decide for yourself if that's secure and whether the iChat warning is justified. Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml

Re: Cross logins

2005-08-04 Thread Peter Saint-Andre
Rich Salz wrote: Is it possible for two web sites to arrange for cross logins? Check out SAML, esp the browser artifact profile. Check out Passel, which lacks the complexity of SAML: http://www.passel.org/ Peter

Re: Encryption plugins for gaim

2005-03-20 Thread Peter Saint-Andre
On Tue, Mar 15, 2005 at 02:14:48PM -0500, Ian Goldberg wrote: OTR works over Jabber today. Granted, it's not very Jabberish (as far as I understand the term; I don't know the Jabber protocol very well): it just replaces the text of the message with ciphertext. [gaim, at least, doesn't seem