Allen wrote:
Hi Gang,
In a class I was in today a statement was made that there is no way that
anyone could present someone else's digital signature as their own because no
one has has their private key to sign it with. This was in the context of a
CA certificate which had it inside. I
Allen wrote:
Hi Gang,
In a class I was in today a statement was made that there is no way that
anyone could present someone else's digital signature as their own
because no one has has their private key to sign it with. This was in
the context of a CA certificate which had it inside. I tried
(Forwarded with permission from a NZ security mailing list, some portions
anonymised)
-- Snip --
[...] a register article saying Intel released its new platform Centrino Pro
which includes Intel Active Management 2.5. An article with some more info is
here:
At 06:28 AM 5/27/2007, Allen wrote:
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the digital signature, or open
On Thu, May 24, 2007 at 01:01:03PM -0400, Perry E. Metzger wrote:
Even for https, it costs no more to type in 2048 than 1024 into
your cert generation app the next time a cert expires. The only
potential cost is if you're so close to the performance line that
slower RSA ops will cause you
http://www.latimes.com/news/nationworld/world/la-fg-mexico25may25,0,7011563.story?coll=la-home-center
Mexico to boost tapping of phones and e-mail with U.S. aid
Calderon is seeking to expand monitoring of drug gangs; Washington also may
have access to the data.
By Sam Enriquez, Times Staff
The workshop was very interesting. Will the presentations or papers be
avalilable on the web soon?
http://events.iaik.tugraz.at/HashWorkshop07/program.html
Vlastimil Klima
-
The Cryptography Mailing List
Unsubscribe by
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
... [lengthy discussion about why on-line communication is better
than off-line for strangers becoming introduced to one another] ...
That may well be, but no claim was made that off-line communication is
as efficient as on-line for introducing and
Allen wrote:
Which lead me to the thought that if it is possible, what could be done
to reduce the risk of it happening?
It occurred to me that perhaps some variation of separation of duties
like two CAs located in different political environments might be used
to accomplish this by having
Allen,
I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing a X.509 certificate that holds your
public key. This way they are vouching that that you own the public.
Even if you subpoena a CA they won't be able to decrypt any
information encrypted
Two birds with one shot. :)
Ali, Saqib wrote:
I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing a X.509 certificate that holds your
public key. This way they are vouching that that you own the public.
Even if you subpoena a CA they won't be
* Victor Duchovni:
But no one is issuing certificates which are suitable for use with
SMTP (in the sense that the CA provides a security benefit). As far
as I know, there isn't even a way to store mail routing information in
X.509 certificates.
There is no need to store routing
On Sat 5/26/2007 at 8:59 PM Allen [EMAIL PROTECTED]
wrote:
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the
On Sat, 26 May 2007, Allen wrote:
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the digital signature, or open
Jim Dixon wrote:
[snip]
The CA certifies that X is your public key.
^
Who is you? That is the real question. To leave CAs out for the
moment, imagine J. Doe and J. Doe, two different people, each put
a public key on a server and you get a message created
Call for papers, submission deadline now June 15th.
The 4th International Security In Storage Workshop will be held
September 27, 2007 (Thursday) at Paradise Point Resort and Spa in San
Diego, California, USA. The workshop is co-located with the 24th IEEE
Conference on Mass Storage Systems
Many protocols use some form of self describing data format, for example
ASN.1, XML, S expressions, and bencoding.
Why?
Presumably both ends of the conversation have negotiated what protocol
version they are using (and if they have not, you have big problems) and
when they receive data, they
I just did some performance testing on a file server (debian 4.0) and
thought I'd share the figures, both raw and using the luks
cryptosystem described here:
http://luks.endorphin.org/about
Here's the specs:
AMD Athlon 64 x2 3600+ (1800MHz)
2GB 800MHz DDR2 ECC DRAM
Asus M2N32WS motherboard
Apparently, last February IBM lost some tapes with employee data.
Yesterday, I received a notification from them, which I scanned and put
(slightly redacted) in http://www.tla.org/private/ibmloss1.pdf for
your amusement.
Now, I haven't worked for IBM in a long time, and since then I have
moved
19 matches
Mail list logo