On Tue, 24 Jun 2003, Ian Grigg wrote:
http://sslbar.metropipe.net/
Fantastic news: coders are starting to work
on the failed security model of secure browsing
and improve it where it matters, in the browser.
This plugin for Mozilla shows the SSL certificate's
fingerprint on the web
On Mon, 7 Jul 2003, Hack Hawk wrote:
So what they're saying is that your PRIVATE key is stored on a server
somewhere on the Internet?!?!
No, this (like Kerberos) works best in a federated model. Each
organization (or group of organizations that trust a common third
party and have mechanisms
. slightly
related discussion of the security proportional to risk and the
vulnerability represented by the merchant transaction file
Is X9.59 actually in use for consumer retail transactions anywhere?
--
Victor Duchovni
IT Security,
Morgan Stanley
message attachments would be largely unnecessary (one also needs to
close the the macro invocation problem, but this is not insurmountable).
It is my contention that so long as activating an icon does not
distinguish between Run and View all Graphical Shells will be
insecure.
--
Victor
with the previously discussed trusted path issues,
non-spoofing of the security interface, ...
--
Victor Duchovni
IT Security,
Morgan Stanley
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
or practice?
What fraction of real users will be able to use these systems? Will
users really understand the composition properties of security policies?
--
Victor Duchovni
IT Security,
Morgan Stanley
, or to gracefully time out the TLS negotiation if progress
is too slow. This means that the caller should be able to tear down the
state of a partially completed connection at any time without memory leaks
or other problems.
--
Victor Duchovni
IT Security,
Morgan Stanley
On Sat, 6 Dec 2003, Will Rodger wrote:
Steve Bellovin wrote:
http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/
Does anyone have details? How much overhead would this entail?
To avoid replay attacks one needs to sign a string that is tied to a
specific message or time
On Sun, 7 Dec 2003, Anton Stiglic wrote:
But you should be sending mails via *your* SMTP server, and should be
connecting to that SMTP server using SSL and authentication. Open relays
encourage spam. People shouldn't be relaying mail via just any SMTP server.
This is misguided, but we
their technology
adopted, but even Microsoft has a hard time getting users to upgrade from
Windows 98/Office 97 which continue to perform well enough for most users
(security flaws and all).
--
Victor Duchovni
IT Security,
Morgan Stanley
On Thu, 1 Jan 2004, Ed Reed wrote:
I'm curious, Victor - do you use any functions to verify that the
sender's
email address is live to insure that a valid reply is possible?
No, this is not known to scale well to large sites. Also widespread
adoption of sender verification encourages
On Thu, 1 Jan 2004, Amir Herzberg wrote:
IMHO, your conclusion is wrong: cryptographic authentication could be a
critical tool to stop spam; someone in our community should do this (write
the software) already... How? E-mail (at least from new correspondents)
must be signed by an `anti-spam
On Sat, 3 Apr 2004, Hadmut Danisch wrote:
What if a cryptographer is found to intentionally have given a false
expertise in cryptography and security just to do a colleague a favor,
when he erroneously assumed the expertise would be kept secret? Would
such a cryptographer be considered as
On Sun, 4 Jul 2004, Anne Lynn Wheeler wrote:
http://www.thisislondon.com/news/business/articles/timid80044?source=
http://www.thisismoney.com/20040704/nm80044.html
ONE of Britain's biggest banks is asking customers to use cash
machines as little as possible to help combat soaring card
is
mapped onto the reals, becomes a self-adjoint operator. To go from
this to the reported claim is at least premature and likely ludicrous.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
this claim
(if it is indeed reported correctly).
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality
in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
On Sun, Dec 19, 2004 at 05:24:59PM +0100, Florian Weimer wrote:
* Victor Duchovni:
The third mode is quite common for STARTTLS with SMTP if I am not
mistaken. A one day sample of inbound TLS email has the following cipher
frequencies:
8221(using TLSv1 with cipher DHE-RSA-AES256
in error, \ /
CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
On Fri, Feb 11, 2005 at 11:31:16AM -0500, Tim Dierks wrote:
On Thu, 10 Feb 2005 15:59:04 -0500, Victor Duchovni
[EMAIL PROTECTED] wrote:
If the symmetric cypher is fully re-keyed when sessions are resumed
while avoiding the fresh start PKI overhead, then life is simple
and sessions can
public key
useful to the attacker?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
On Wed, Mar 16, 2005 at 02:23:49AM +1300, Peter Gutmann wrote:
Certainly with UIXC it's not worth anything.
What is UIXC?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
was to allow Kerberos mutual auth to not only log the
user in, but to also authenticate the server despite any mismatch in the
(now ephemeral) RSA keys.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST
of Dan's
attack to a Kerberos 5 KDC with an AES TGS key?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality
delay could solve this problem, though
I for one don't know how to do that portably in a way that guarantees
no leakage of timing information.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST
Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
.
Whose loses do these numbers measure?
- Issuer Bank?
- Merchant?
- Consumer?
- Total?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender
,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
), and A redirects the user back to B's federated login verification
page passing back the authentication data and the original url, so the user
is taken to the right place after the credentials are verified.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor
member of the orbit of an input string
under the group gives a hash that is invariant under the group operation.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does
in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
://www.redflex.com.au/traffic/pdfs/RedflexSpeed2V2.pdf
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley
in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
the world be a better place if we could all agree on a
single such library? Or at least, a single API. Like the STL is for C++.
Yes, absolutely, but who is going to do it?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy
.../SCRIPT content,
the action URIs of all forms, and the targets of all links, ignoring
superficial content changes and changes in layout (sort the hashed
items).
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X
increasingly prohitive quantities
of RAM. Read the DJB hardware GNFS proposal.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan
of their
own contribution to the protocol.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
On Fri, Dec 02, 2005 at 10:13:21PM -0200, [EMAIL PROTECTED] wrote:
Well, you just can't prove a PRNG is secure. It would be like proving that
the AES
is secure, or that factoring integers is hard. It just can't be done (aside
theoretical
discutions about P=NP).
Actually, this is
On Sat, Dec 03, 2005 at 10:47:52PM -0600, Travis H. wrote:
On 12/3/05, Victor Duchovni [EMAIL PROTECTED] wrote:
Actually, this is inaccurate, proving the strength of AES or factoring is
difficult, and may never happen, we may even prove AES to be not secure
(in a broad sense) some day
On Mon, Dec 05, 2005 at 02:21:02AM -0600, Travis H. wrote:
On 12/4/05, Victor Duchovni [EMAIL PROTECTED] wrote:
Wrong threat model. The OP asked whether the system generating random
numbers can prove them to have been randomly generating to a passive
observer.
I didn't read it that way
the problem of key management go away.
My *personal* view is that patent encumbered technologies don't have a
major role to play in anything quite as ubiquitous as email.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
the users, hand them their keys
on smart cards (or other suitable hardware) that you initialize.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML
\n);
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
with HTTP servers, but the majority of TLS capable MTAs
negotiate EDH ciphers.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan
and needs to be reported as such.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
over OpenSSL (not GnuTLS) and OpenSSL has an error stack, which
the application can process as it sees fit. The libgrypt approach to
error reporting is not acceptable.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X
NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
-
sons.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
expect views to shift dramatically. If the developers were open to the
issue, the request might have been fruitful. If they dig in their heels,
I am free to use other libraries.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy
RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
interoperable systems...
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
.
MaximEither it is not mature enough, or it has spam./Maxim
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley
to unfairly tarnish
the competence of the email RFC writers, without regard to the intrinsic
properties of the medium.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does
model for the mass market.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
On Wed, Mar 29, 2006 at 10:51:08AM +0200, [EMAIL PROTECTED] wrote:
In am nearly sure that a preimage attack (MD5) will be found in the
next two or three years.
Is there already evidence of progress in that direction?
--
Viktor.
is stored, new key management issues come to the surface.
I for one would not want to lose my hard-drive if the CPU is fried...
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
principals (global naming) to subjects/users
(local naming). So principal != account.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL
that
are file system agnostic, cannot violate block update atomicity and so
MUST not offer integrity.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
to re-invent the wheel? It took multiple iterations of design
improvements to get TLS right, even though it was designed by experts.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
On Sun, May 14, 2006 at 07:56:17PM -0500, Travis H. wrote:
On 5/14/06, Victor Duchovni [EMAIL PROTECTED] wrote:
Security is fragile. Deviating from well understood primitives may be
good research, but is not good engineering. Especially fragile are:
Point taken
be a good foundation.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
).
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
On Wed, Oct 18, 2006 at 12:00:41AM -0400, Victor Duchovni wrote:
Hash functions are supposed to be pseudo-random. For a 160 bit hash In
an input set of 2^80 elements we should expect to find a collision...
If we iterate from a random starting point we expect to enter a cycle
of length ~2^79
handshake per
cache TTL and then just bulk crypto for many deliveries that reuse the
cached SSL session.
So what is your load like?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
On Wed, Jan 10, 2007 at 06:31:21PM -0500, Steven M. Bellovin wrote:
I just stumbled on a web site that strongly believes in crypto --
*everything* on the site is protected by https. If you go there via
http, you receive a Redirect. The site? www.cia.gov:
$ telnet www.cia.gov 80
Trying
of the interface,
that I am not making unfounded assumptions, and there are no obvious bugs
in the part of the library that I am reviewing.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
On Sat, Jan 20, 2007 at 10:10:47PM +1300, Peter Gutmann wrote:
Victor Duchovni [EMAIL PROTECTED] writes:
It took reading the code to determine the following:
- ASN.1 Strings extracted from X.509v3 certs are not validated for
conformance with the declared character syntax. Strings
.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use
On Fri, Jan 26, 2007 at 07:06:00PM +1300, Peter Gutmann wrote:
Victor Duchovni [EMAIL PROTECTED] writes:
Generally it is enough for a TLS server or client to present its own
certificate and all *intermediate* CA certificates, sending the root CA cert
is optional, because if the verifying
On Sat, Jan 27, 2007 at 02:12:34PM +1300, Peter Gutmann wrote:
Victor Duchovni [EMAIL PROTECTED] writes:
Wouldn't the old root also (until it actually expires) verify any
certificates signed by the new root? If so, why does a server need to send
the new root?
Because the client may
a verifier has the old root and the server presents the new root
in its trust chain.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL
On Wed, Jan 31, 2007 at 01:57:04PM +1300, Peter Gutmann wrote:
Victor Duchovni [EMAIL PROTECTED] writes:
What I don't understand is how the old (finally expired) root helps to
validate the new unexpired root, when a verifier has the old root and the
server presents the new root in its trust
On Wed, Jan 31, 2007 at 01:57:04PM +1300, Peter Gutmann wrote:
Victor Duchovni [EMAIL PROTECTED] writes:
What I don't understand is how the old (finally expired) root helps to
validate the new unexpired root, when a verifier has the old root and the
server presents the new root in its trust
RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
to follow in the footsteps of Randal
L. Schwartz, it is sadly best to stay ignorant of such matters...
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
less likely, so though I
don't find it a credible threat, the publicity may help to avert any
silliness from coming to pass.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender
question, not an algorithm question, so you need a
security review of the protocol (which you have not described).
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does
Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
.
With EECDH one can use ECDH handshakes signed with RSA keys, but that
does not really address any looming demise of 1024 bit RSA.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender
the server certificate by its md5, sha1, or
SHA256/384/512 fingerprint. (No support for web-of-trust, one step
at a time).
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender
On Wed, May 23, 2007 at 06:34:26PM +0200, Florian Weimer wrote:
* Victor Duchovni:
That's good of you not to expect it, given that zero of the major CAs
seem to support ECC certs today, and even if they did, those certs
would not work in IE on XP.
We are not talking about this year
: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
MITM (just as plausible IMHO with fixed circuits as passive
eavesdropping)?
Once QKD is augmented with authentication to address MITM, the Q
seems entirely irrelevant.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
interactions with the fake terminal. Is the system
still secure? Likely not, I would bet The threat model was card forgery,
not MITM.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security
(charitably) fiction.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege
, but
if I were a budget director I would spend the money elsewhere...
I am most curious as to the legal issue that came up regarding QKD.
Indeed, what was the legal question that got us here?
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please
in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAILMorgan Stanley confidentiality or privilege,
and use is prohibited
, and training can
be based around the approaches taken in the show-case systems.
When I hear developers demanding security APIs I pretend to be deaf...
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST
#smtpd_tls_auth_only
http://www.postfix.org/postconf.5.html#smtp_sasl_tls_security_options
which is highly suggestive of using TLS to protect plain-text passwords
in flight.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy
is not the answer. Otherwise, claiming that SSL is less efficient
over TCP smacks of arrogance.
--
/\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL
1 - 100 of 145 matches
Mail list logo