Anne Lynn Wheeler wrote:
it would be really great to make it an excuse to move away from offline
paradigm to real online operation ... getting totally rid of the need for
domain name certificates ... DNS serving up both ip-addresses and public
keys in single operation.
That can't happen
On 22 May 2007 14:51, Trei, Peter wrote:
In fairness, its worth noting that the issue is also mixed up
in Estonian electoral politics:
http://news.bbc.co.uk/1/hi/world/europe/6645789.stm
The timing of the electronic attacks, and the messages left by
vandals, leave little doubt that the
Ivan Krstić wrote:
That can't happen until we make sure you can trust DNS, which in turn
can't happen until we get a concrete proposal that has clearly defined
goals and isn't braindead. As has been amply pointed out, it's not clear
that DNSSEC will cut it anytime soon.
A big part of the issue
somewhere over the yrs the term certification authority was truncated
to certificate authority ... along with some impression that
certificates are being sold (as opposed to certification processes).
When I pay $14.95 for a certificate, with the investigation of my bona
fides limited to clicking
For the math weenies on the list, see the full announcement here:
http://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind0705L=nmbrthryT=0P=1019.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by
Victor Duchovni [EMAIL PROTECTED] writes:
As 1024 RSA keys are not a major risk *today*,
I would go further and say that for most applications of PKCs/PKI today, 1024-
bit RSA keys are not a risk at all, or more specifically that on a scale of
risk they're so far down the list that they're close
* Victor Duchovni:
That's good of you not to expect it, given that zero of the major CAs
seem to support ECC certs today, and even if they did, those certs
would not work in IE on XP.
We are not talking about this year or next of course. My estimate is
that Postfix releases designed this