On Tue, Oct 8, 2013 at 7:38 AM, Jerry Leichter leich...@lrw.com wrote:
On Oct 8, 2013, at 1:11 AM, Bill Frantz fra...@pwpconsult.com wrote:
If we can't select ciphersuites that we are sure we will always be
comfortable with (for at least some forseeable lifetime) then we urgently
need the
On Wed, Oct 9, 2013 at 12:44 AM, Tim Newsham tim.news...@gmail.com wrote:
We are more vulnerable to widespread acceptance of these bad principles
than
almost anyone, ultimately, But doing all these things has won larger
budgets
and temporary successes for specific people and agencies
One of the biggest problems with the current situation is that US
technology companies have no ability to convince others that their
equipment has not been compromised by a government mandated backdoor.
This is imposing a significant and real cost on providers of outsourced Web
Services and is
On 2013-10-08 03:14, Phillip Hallam-Baker wrote:
Are you planning to publish your signing key or your decryption key?
Use of a key for one makes the other incompatible.�
Incorrect. One's public key is always an elliptic point, one's private
key is always a number.
Thus there is no reason
On 10/8/13 at 7:38 AM, leich...@lrw.com (Jerry Leichter) wrote:
On Oct 8, 2013, at 1:11 AM, Bill Frantz fra...@pwpconsult.com wrote:
We seriously need to consider what the design lifespan of our
crypto suites is in real life. That data should be
communicated to hardware and software
Does PGP have any particular support for key signing parties built in or is
this just something that has grown up as a practice of use?
I am looking at different options for building a PKI for securing personal
communications and it seems to me that the Key Party model could be
improved on if
On Oct 7, 2013, at 12:55 PM, Jerry Leichter wrote:
On Oct 7, 2013, at 11:45 AM, Arnold Reinhold a...@me.com wrote:
If we are going to always use a construction like AES(KDF(key)), as Nico
suggests, why not go further and use a KDF with variable length output like
Keccak to replace the AES
On 2013-10-08 02:03, John Kelsey wrote:
Alongside Phillip's comments, I'll just point out that assassination of key
people is a tactic that the US and Israel probably don't have any particular
advantages in. It isn't in our interests to encourage a worldwide tacit
acceptance of that stuff.
On 10/07/2013 05:28 PM, David Johnston wrote:
We are led to believe that if it is shown that P = NP, we suddenly have a
break for all sorts of algorithms.
So if P really does = NP, we can just assume P = NP and the breaks will make
themselves evident. They do not. Hence P != NP.
As
On Oct 8, 2013, at 6:10 PM, Arnold Reinhold wrote:
On Oct 7, 2013, at 12:55 PM, Jerry Leichter wrote:
On Oct 7, 2013, at 11:45 AM, Arnold Reinhold a...@me.com wrote:
If we are going to always use a construction like AES(KDF(key)), as Nico
suggests, why not go further and use a KDF with
We are more vulnerable to widespread acceptance of these bad principles than
almost anyone, ultimately, But doing all these things has won larger budgets
and temporary successes for specific people and agencies today, whereas
the costs of all this will land on us all in the future.
The same
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
FYI I'm helping Perry out with Moderator duties.
I've noticed an upswing on political discussion that are starting to range into
security issues and less on Cryptography.
Consider this a gentle reminder that that's not really the charter of this
On Tue, Oct 8, 2013 at 4:14 PM, James A. Donald jam...@echeque.com wrote:
On 2013-10-08 03:14, Phillip Hallam-Baker wrote:
Are you planning to publish your signing key or your decryption key?
Use of a key for one makes the other incompatible.�
Incorrect. One's public key is always an
On Tue, Oct 8, 2013 at 1:46 PM, Bill Frantz fra...@pwpconsult.com wrote:
On 10/8/13 at 7:38 AM, leich...@lrw.com (Jerry Leichter) wrote:
On Oct 8, 2013, at 1:11 AM, Bill Frantz fra...@pwpconsult.com wrote:
We seriously need to consider what the design lifespan of our crypto suites
is in
On Oct 8, 2013, at 4:46 PM, Bill Frantz fra...@pwpconsult.com wrote:
I think the situation is much more serious than this comment makes it appear.
As professionals, we have an obligation to share our knowledge of the limits
of our technology with the people who are depending on it. We know
15 matches
Mail list logo