On 2013-03-04 8:48 AM, Jeffrey Walton wrote:
Little folks like me have to play by the rules, or risk getting the
Schwartz treatment from folks like Steve Heymann and Carmen Ortiz.
No, we don't have to play by these rules, which our rulers have pretty
much forgotten about.
Swartz penetrated
On 2013-03-04 11:09 AM, Patrick Mylund Nielsen wrote:
Say what you will about the semi-morbid posthumous inflation of Aaron
Swartz contributions and stature, but don't pretend to know what he
thought
I know what Wallace thought and Wallace was evil, insane, and suicidal.
Swartz described
On 2013-03-04 8:10 AM, Arshad Noor wrote:
I also agree that all this seems irrelevant considering that everyone
has access to strong crypto in one form or another; but, even a stupid
law is still the law.
Much though we long for the glory days when cypherpunks actually were a
persecuted
On 2013-02-20 6:21 AM, Jonathan Warren wrote:
It is tricky indeed. The handshaking necessary to set up the session key could
piggyback on the first couple messages that users send to one another although
those first several messages would not be forward-secret. I suppose that the
session key
On 2013-02-17 4:49 AM, Jonathan Warren wrote:
A primary goal has been to make a clean and simple interface so that
the key management, authentication, and encryption is simple even for
people who do not understand public-key cryptography.
On 2013-01-26 8:31 AM, Paul Hoffman wrote:
Since there isn't a strong list moderator here, I gotta ask: is this (and
similar PKIX-is-broken threads) on-topic for this mailing list? Regardless of
how much I agree with the sentiment, it seems to have nothing to do with
cryptography. Maybe
On 2013-01-19 2:14 AM, ianG wrote:
Also, the confounded users tend to lose their phones or have them
stolen. And then they demand their 'identities' back, as if nothing
has happened. So the keys need to be agile, in some sense. Which
pushes us away from the phone, to cloud, or a variant,
On 2013-01-18 1:17 AM, Thierry Moreau wrote:
First, replace client certificate by client PPKP (public-private
key pair) and be ready for a significant training exercise. The
more the trainee knows about X.509, the greater challenge for the
trainer.
It has been decisively and repeatedly
On 2013-01-17 9:02 AM, Adam Back wrote:
There was a subthread in this huge PKI-is-failing and doesn't solve phishing
thread looking at what might solve phishing (modulo engineering and
deployment issues).
To summarize Ian Ben mentioned and I add a few:
- client side certificates
- password
On 2013-01-08 7:26 PM, Ben Laurie wrote:
Modulo CAs not working correctly, this is what SSL does. So long as
you define the right server as being the one with the domain name
you navigated to.
Domain names are lengthy and not all that human memorable. I logon to
citicard, the correct
On 2013-01-07 10:31 PM, Jeffrey Walton wrote:
In addition,
Mozilla does not make money from the CAs.
What is in it for Mozilla?
What was in it for Banking Committee Senators Jon Corzine, Chris Dodd,
and Kent Conrad, and Fannie May CEO Jim Johnson?
On 2013-01-07 9:20 AM, Peter Gutmann wrote:
I'll update it as soon as browser PKI starts working (meaning that we have
real evidence that it's effectively preventing the sorts of things attackers
are doing, phishing and so on). Deal?
The fundamental cause of phishing is that it is so easy to
On 2013-01-05 9:31 AM, Ryan Sleevi wrote:
On Fri, January 4, 2013 3:06 pm, James A. Donald wrote:
On 2013-01-05 8:05 AM, Ryan Sleevi wrote
Can you explain how, exactly, incumbents leverage any power to keep new
entrants out?
Such behavior is necessarily a deviation from official truth
On 2013-01-05 12:07 PM, Morlock Elloi wrote:
Correct. The cost of being CA is equal to the cost of getting CA signing pub
key into the target audience browsers.
You can (sorted by increasing security, starting with zero):
1 - go through browser vendors,
2 - have your users to install
On 2012-12-18 1:25 AM, CodesInChaos wrote:
One could require the user to specify/confirm a certificate
fingerprint on gmail in such a case. That way you're MitM proof, even
with a self signed certificate.
Who is the real you? Well, obviously the you that knows the gmail password.
On 2012-12-16 6:23 AM, Andy Steingruebl wrote:
given some of the more recent attacks against Google (and Facebook's)
customers they believe that active MiTM is actually a real threat, and
would rather not pretend to protect you from it when they aren't, by
using a self-signed certificate that
On 2012-12-15 1:51 AM, Eugen Leitl wrote:
- Forwarded message from Randy na...@afxr.net -
From: Randy na...@afxr.net
Date: Fri, 14 Dec 2012 09:47:03 -0600
To: NANOG list na...@nanog.org
Subject: Gmail and SSL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
rv:17.0) Gecko/17.0
On 2012-10-26 2:44 AM, Ben Laurie wrote:
As someone who sees the effects of actually using DKIM, I can but roll
my eyes and shrug. In short, it turns out to be a pretty bad idea to
hard fail on DKIM because it totally doesn't work with mailing lists.
Which makes it pretty useless, key size
On 2012-10-26 7:11 PM, Peter Gutmann wrote:
I'd like to find out what caused this, not to lay blame, but to understand
what the issue was and to make sure that it won't come back to bite us again
in future deployments.
My own experience, not necessarily typical and representative, is that
it
On 2012-10-19 10:52 AM, Jeffrey Walton wrote:
Hi All,
I have a Secure Remote Password (SRP) implementation that went through
a pen test. The testers provided a critical finding - the email
address was sent in the plaintext. Note that plaintext email addresses
are part of the protocol.
I'm not
On 2012-10-14 12:21 AM, Thierry Moreau wrote:
ianG wrote:
On 10/10/12 23:44 PM, Guido Witmond wrote:
2. Use SSL client certificates instead;
Yes, it works. My observations/evidence suggests it works far better
than passwords because it cuts out the disaster known as I lost my
On 2012-10-12 2:27 AM, =JeffH wrote:
Federated identity management (FIM) enables a user to authenticate
once and access privileged information across disparate domains. FIM's
proponents, who see the technology as providing security and ease of
use, include governments and leaders in the IT
On 2012-10-06 12:12 PM, Randall Webmail wrote:
It had no certificate.
Why is that?
Central authority is a security hole.
Suppose the state wants a more cooperative Tor. The guy who is most
cooperative will get to be designated the real Tor.
Instead, you should verify the digital
On 9/19/2012 2:17 AM, Zack Weinberg wrote:
I've seen claims that quantum key agreement lets both parties detect a
man in the middle with no prior communication and no trusted third
party. If that's true it would obviously be huge.
Whispering in someone's ear, or, equivalently, near field
On 2012-09-08 11:10 AM, Rose, Greg wrote:
On 2012 Sep 7, at 15:54 , Peter Gutmann wrote:
Even if the likelihood of transforming the heap corruption
into remote code execution is exceedingly low, you still have to classify it
as RCE until you can rule out all possibility of code execution.
On 2012-09-05 11:51 PM, StealthMonger wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can there be a cryptographic dead man switch? A secret is to be
revealed only if/when signed messages stop appearing. It is to be
cryptographically strong and not rely on a trusted other party.
Such
On 2012-08-29 12:10 PM, Natanael wrote:
Isn't the standard answer to always verify, verify, verify? Make sure
you only accept some types of data from Malloc and verify it *can't* do
strange crap. Also, read up on XSS prevention and all that.
In other words, Bob's server reads malloc's content,
Suppose your web page incorporates some content from another url, a not
altogether trusted url. Let us call this other url Malloc. You, the
owner of the website and the author of the main part of the web page are
Bob, the browser is being viewed by Carol, and you incorporate content
from
http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html
To avoid padding oracle attacks, always use authenticated encryption,
such that a corrupted message always generates the same response in the
same time.
On 2012-06-23 10:48 PM, ianG wrote:
And, now it is possible to see a case where even if we didn't need the
secrecy for administrative reasons, random number generation may want to
keep the seed input to the DRBG secret.
If we had the raw unwhitened semi random data, an attacker could
On 2012-06-21 12:07 AM, James Muir wrote:
On 12-06-19 08:51 PM, Jonathan Katz wrote:
Anyone know any technical details about this? From the news reports I've
seen, it's not even clear to me what, exactly, was broken.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jun 20, 2012, at 8:35 AM, Matthew Green wrote:
I'm definitely /not/ an ECC expert, but this is a pairing-friendly curve, which
means it's vulnerable to a type of attack where EC group elements can be mapped
into a field (using a bilinear
On 2012-06-22 6:21 PM, James A. Donald wrote:
Is this merely a case where 973 bits is equivalent to ~60 bits symmetric?
As I, not an authority, understand this result, this result is not
oops, pairing based cryptography is broken
It is oops, pairing based cryptography requires elliptic
On 2012-06-20 5:22 AM, Matthew Green wrote:
If you assume that every manufactured device will meet the standards of Intel's
test units, then you can live with the CRI/Intel review.
If you're /not/ confident in that assumption, the ability to access raw ES
output would be useful...
I see no
James A. Donald wrote:
I see no valid case for on chip whitening. Whitening
looks like a classic job for software. Why waste chip
real estate on something that will only be used 0.001% of
the time.
On 2012-06-22 6:53 AM, Michael Nelson wrote:
I suppose that if the rng was shared between
And, to get back on topic after having gone dangerously off topic:
The market for cryptography is the market for silver bullets: Those
actually paying money cannot tell the difference between real experts
and salesmen, thus the incentive to actually be any good at this is not
high.
On 2012-06-19 4:51 AM, Matthew Green wrote:
1. Private evaluation report (budgeted to, say, 200 hours)
probabilistically identifies N serious vulnerabilities. We
all know that another 200 hours could turn up N more. In
fact, the code may be riddled with errors. Original N
vulnerabilities are
On 2012-06-19 8:03 PM, Givonne Cirkin wrote:
i don't understand why is
it clear to some they get it right away. why do others not see it? i
thought i was clear to use the sequence up until the first repeat.
This is just one time pad.
On 2012-06-19 7:02 AM, Jack Lloyd wrote:
You're
not saying that CRI would hide things, you're just saying that
accepting payment sets the incentives all the wrong way and that all
companies would put out shoddy work so long as they got paid,
especially if giving a bad review would make the
On 2012-06-19 9:07 AM, d...@deadhat.com wrote:
It does tell you that if it is your chip and you don't let
someone else pull the lid off, scrape off the passivation and apply a pico
probe to it, it will certainly provide you with good random numbers
regardless of the FIPS mode.
I don't know
On 2012-05-02 12:23 AM, Peter Gutmann wrote:
Thor Lancelot Simon t...@panix.com writes:
NIST says 2048 bit RSA keys should have a 3 year lifetime. Who here really
wants to explain to customers (or investors!) that he willfully ignored that
recommendation and just reused the same old key when
On 2012-04-28 4:05 PM, ianG wrote:
the cryptographer's push for AE mode is simply the creation of a more
perfect hammer, when our real worries are about the building, not the nail.
Well said. Cryptographers have a habit of building a fortress with three
entirely impregnable walls and one
On 2012-04-29 4:02 AM, Benjamin Kreuter wrote:
That is assuming that all messages are the same size, which is not
generally the case. If Alice, Bob, Carol, and Dave are users, and
Alice sends a 150KB encrypted message, Bob sends a 20KB encrypted
message, and then at some random point in the
On 2012-04-26 1:11 PM, Zooko Wilcox-O'Hearn wrote:
how are we
doing? Are we winning? I don't know about you, but I consider myself
to be primarily a producer of defense technology. I'd like for every
individual on the planet to have confidentiality, data integrity, to
be able to share certain
On 04/13/2012 01:52 AM, Zooko Wilcox-O'Hearn wrote:
HASH_d(x) = HASH(HASH(x))
I pretty much always use the HASH_d technique, and that way I don't
have to spend time figuring out what length-extension attacks can or
can't do to my designs.
On 2012-04-14 1:50 AM, Marsh Ray wrote:
But now SHA-2
On 2012-04-09 9:15 AM, Steven Bellovin wrote:
Yes, the algorithms and protocols can be very important,
especially if you have serious enemies. They're also more
fun for many folks (myself included) than the really hard
engineering and development work to make the thing usable.
They're orders
On 2012-04-09 10:17 AM, Steven Bellovin wrote:
I'd put most of it down to conflicting agendas -- even people
you regard as evil don't see themselves that way; they
simply have a different definition -- agenda -- for good.
An agenda which requires them to lie about what they believe, stack
On 2012-04-05 6:55 PM, Marsh Ray wrote:
So I point out that one of the most commonly-used VPN protocols is
completely ineffective and this is the reaction I get? Gee I expected
more from you guys. :-)
Perhaps I just phrased it wrong. Let me try again:
Hey yall!
There's this here NSA
On 2012-04-03 11:25 PM, StealthMonger wrote:
It's world-class protracted social engineering. Orchestrated by whom?
You attribute too much competence to our enemies. The problem is that
our tools are unsatisfactory, no one wants to use them. They need
improvement.
One tool that works and
On 2012-03-31 11:49 PM, Mario Contestabile wrote:
You guys have any cypherpunk opinions on https://crypto.cat/ ?
It's a secure online communication tool, apparently used by Anonymous.
It was developed by Nadim Kobeissi, (yet another Montrealer).
Mario
Public source, standard algorithms,
On 2012-04-01 6:17 AM, natanae...@gmail.com wrote:
There are two issues IMHO:
* SSL flaws/Javascript MITM/bad servers. Your key can be leaked.
According to the spec, your key remains on your browser.
So cannot be leaked unless your computer has been got at.
On 2012-04-01 7:51 AM, natanae...@gmail.com wrote:
It's running in a browser using JS...
To attack JS, the attacker needs to induce the victim to open the
attackers web page at the same time as the attacked web page, and
successfully apply a cross site scripting attack. The simplicity of
On 2012-03-31 1:51 AM, Nico Williams wrote:
We don't encrypt e-mail for other reasons, namely because key
management for e-mail is hard.
Key management is hard because it involves a third party, which third
party is also the major security hole.
We have been doing key management the wrong
On 2012-03-30 10:10 PM, StealthMonger wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adam Back a...@cypherspace.org writes:
Not sure that we lost the crypto wars. US companies export full strength
crypto these days, and neither the US nor most other western countries have
On 2012-03-02 7:14 AM, Thierry Moreau wrote:
Then what remains of the scheme reputation once Mallory managed to
inject a fraudulent certificate in whatever is being audited (It's
called a log but I understand it as a grow-only repository)?
Suppose an Iranian CA were to issue certificate for a
On 2012-03-01 8:53 AM, James S. Tyre wrote:
The authorities seized the encrypted Toshiba laptop from defendant Ramona
Fricosu in 2010 with valid court warrants while investigating alleged
mortgage fraud, and demanded she decrypt it. Colorado U.S. District Judge
Robert Blackburn ordered the
On 2012-02-28 11:34 PM, The Fungi wrote:
Your login was successful, but due to recent security concerns we
also require a one-time verification of your personal information.
Please now enter the following...
* Checking Account Number
* Bank Routing Number
* ATM Card Number
* Card
James A. Donald jam...@echeque.com writes:
Hidden compartment? What hidden compartment? If I have one, you are welcome
to search it. Go knock yourselves out.
On 2012-02-27 1:30 PM, Peter Gutmann wrote:
James, meet Bertha. Sorry about her cold hands, just give her a minute to get
the gloves
On 2012-02-27 6:01 PM, Harald Hanche-Olsen wrote:
And you can argue that much of the
discussion is on topic if the topic is construed broadly.
Ninety percent of cryptography is threats, in the sense that most of the
failures we see around us, are failures to consider the real world in
which
[Another key bitcoin flaw is that it's not particularly anonymous
in the face of NSA-level network surveillance. Cash *is* (remains)
under these conditions.]
On 2012-02-27 10:26 PM, lodewijk andré de la porte wrote:
Working on this. And the network problem.
What is the plan?
Seems to me
On 2012-02-27 10:45 PM, Jack Lloyd wrote:
My assumption is that anyone who is interested and capable of
moderating a crypto mailing list will inevitably find that they have
more interesting things to do than moderating a crypto mailing list
(the failure mode of cryptogra...@metzdowd.com).
d...@geer.org wrote:
Warren Buffet's arguments are, to my eye, aligned with
yours. He argues that gold has no intrinsic value, unlike
farmland or a company like Coca Cola. In that way, his
evaluation is as instrumentalist as is yours, to the extent
that I understand the both of you. His
See 2011 shareholder letter
www.berkshirehathaway.com/letters/2011ltr.pdf
Warren Buffet's argument leads to the conclusion that had Roman in the
time of Caesar invested a talent in land, or deposited some money with
the money lenders to earn interest, his descendents would now be worth
On 2012-02-27 1:28 AM, Benjamin Kreuter wrote:
If the US
Dollar were to fail, Bitcoin would be the last thing on anyone's mind;
we would probably wind up switching to some other government's currency
while we sorted out the mess (Yuan perhaps), or we would just spend our
time killing each other
On 2012-02-27 1:28 AM, Benjamin Kreuter wrote:
If the US Dollar were to fail, Bitcoin would be the last
thing on anyone's mind; we would probably wind up switching
to some other government's currency while we sorted out the
mess (Yuan perhaps), or we would just spend our time
killing each
On 2012-02-27 3:35 AM, Jon Callas wrote:
Remember what I said -- they're law enforcement and border
control. In their world, Truecrypt is the same thing as a
suitcase with a hidden compartment. When someone crosses a
border (or they get to perform a search), hidden
compartments aren't
On 2012-02-27 4:29 AM, Harald Hanche-Olsen wrote:
I know nothing about TrueCrypt, but I imagine a technical solution to
this kind of problem exists: Just give TrueCrypt the ability to have a
virtually unlimited number of hidden volumes. Now you can reveal them,
one after the other, in increasing
On 2012-02-27 5:09 AM, Marsh Ray wrote:
So everyone who now has a hidden 2nd Truecrypt partition with
incriminating things in it needs to make it their hidden 3rd partition
and in the hidden 2nd partition instead store things which are merely
embarrassing.
Except that as it is stipulated that
On 2012-02-25 5:50 PM, Jon Callas wrote:
There is no such thing as plausible deniability in a legal
context.
Plausible deniability is a term that comes from conspiracy
theorists (and like many things contains a kernel of truth)
to describe a political technique where everyone knows what
Jon Callas j...@callas.org writes:
I've spoken to law enforcement and border control people
in a country that is not the US, who told me that yeah,
they know all about TrueCrypt and their assumption is that
*everyone* who has TrueCrypt has a hidden volume and if
they find TrueCrypt they
On 2012-02-26 1:18 AM, Benjamin Kreuter wrote:
The demand
for Bitcoin as a currency is driven by its properties as a
digital cash system; people still need to get their
nation's currency at some point
Frau Eisenmenger writes in her 1919 diary:
If the users of bitcoin are primarily criminals, that is pretty much
what the founders intended. Every middle class man of affairs and
business commits three felonies a day.
The paper presupposes that criminals are such horrible people that
everything they touch turns to shit.
My
Truecrypt supports an inner and outer encrypted volume, encryption
hidden inside encryption, the intended usage being that you reveal the
outer encrypted volume, and refuse to admit the existence of the inner
hidden volume.
To summarize the judgment: Plausible deniability, or even not very
On 2012-02-25 7:28 AM, Steven Bellovin wrote:
The first point, not addressed in your note but quite important to the ruling,
is that the key has to be something you know, not something you have. If the
keying material is on a smart card, you have to turn that over and you're not
protected.
On 2012-02-25 12:53 PM, ianG wrote:
It is also a singular lesson in the emotive power of cryptography to
encourage large numbers of people to hash their intelligent thought
processes. What we are seeing is otherwise rational people invest much
time effort into what amounts to a ponzi or
Surely the core of the ruling is that no one except the
defendant knows for sure whether the key exists, knows
whether there is an inner truecrypt volume or not. The cross
examination of the forensics witness focused on that point.
On 2012-02-25 1:25 PM, d...@geer.org wrote:
On 2012-02-23 9:07 AM, ianG wrote:
Um. I feel exactly the reverse. I feel uncomfortable with crypto code
written in languages that guarantee buffer overflows, stack busting
attacks, loose semantics at data and calling levels, a 5 x developer
penalty, and an obsession about the metal not the
On 2012-02-23 9:49 AM, Jeffrey Walton wrote:
On Wed, Feb 22, 2012 at 2:53 AM, James A. Donald jam...@echeque.com wrote:
On 2012-02-22 12:31 PM, Kevin W. Wall wrote:
1) They think that key size is the paramount thing; the bigger the
better.
2) They have no clue as to what cipher modes are. It's
On 2012-02-23 12:11 PM, ianG wrote:
On the crypto topic that everyone loves to hate, Bitcoin, the expected
attack has begun.
http://financialcryptography.com/mt/archives/001363.html
Philipp Guering and I wrote a paper that explains how this will fall out.
On 2012-02-21 10:57 PM, ianG wrote:
if you don't care that much, it's good enough. If you care
an awful lot, you have to do it yourself anyway.
My now outdated Crypto Kong maintained its own non volatile file of
randomness, stored it to disk on program shutdown. On each program
startup, it
On 2012-02-20 2:08 AM, Florian Weimer wrote:
Can somebody explain me how this so-called Homomorphic split-key
encryption works?
Homomorphic means you combine the keys without finding out the key that
you are combining - Everyone gives you an encrypted copy of their key
fragment, and when you
On 2012-02-20 7:55 AM, Ali, Saqib wrote:
Hi James,
I am still not sure why you need homomorphism in this case. What is
the benefit of using homomorphism to porticor's customer, for example?
With RSA split keys, you need a trusted party to combine them - but if
the trusted party is
On 2012-02-18 7:40 PM, Adam Back wrote:
Occam's razor suggests cryptographic incompetence.. number one reason
deployed systems have crypto fails. Who needs to hire crypto people,
the developer can hack it together, how hard can it be etc. There's a
psychological theory of why this kind of
On 2012-02-14 8:40 PM, Ralph Holz wrote:
issuing a death sentence to a CA who has
disclosed is counter-productive. It will drive the others deeper into
hiding.
You know, I can't help but think of the resemblance to the real world
death penalty for humans - AFAICT it does not seem to deter
On 2012-02-15 7:57 AM, Ralph Holz wrote:
You know, I can't help but think of the resemblance to the real world
death penalty for humans - AFAICT it does not seem to deter criminals.
James A. Donald:
Singapore has approximately one hundredth to one thousandth the crime
rate of western
On 2012-02-07 12:52 PM, Steven Bellovin wrote:
http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars
A major, and long needed, improvement in reliability, security, and
performance.
On 2011-12-05 14:58, Sandy Harris wrote:
Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
You have to be inside the captive portal to see these blue-pill certs. This
is why various people have asked for samples, because only a select lucky few
will be able to experience them in the wild.
I am
On 2011-12-04 18:18, Ondrej Mikle wrote:
Hypothetical question: assume enough people get educated how to spot the MitM
box at work/airport/hotel. Let's say few of them post the MitM chains publicly
which point to a big issuing CA. It was said (by Peter I think) that nothing
would likely happen
On 2011-12-02 6:33 PM, Adam Back wrote:
To hand over a blank cheque sub-CA cert that could sign gmail.com is
somewhat dangerous. But you notice that geotrust require it to be in a
hardware token, and some audits blah blah, AND more importantly that you
agree not to create certs for domains you
On 2011-12-01 2:03 PM, ianG wrote:
If a CA is issuing sub-CAs for the purpose of MITMing, is this a reason
to reset the entire CA? Or is it ok to do MITMing under certain nice
circumstances?
It seems our CA system has come to resemble our audit system and our
financial system.
In very white
On 2011-11-28 2:00 PM, Peter Gutmann wrote:
Steven Bellovin s...@cs.columbia.edu writes:
Does anyone know of any (verifiable) examples of non-government enemies
exploiting flaws in cryptography?
Could you be a bit more precise about what flaws in cryptography covers? If
you mean exploiting
On 2011-11-26 05:41, =JeffH wrote:
Of possible interest...
Subject: [SSL Observatory] Sovereign Keys: an EFF proposal for more secure
TLS authentication
From: Peter Eckersley p...@eff.org
Date: Fri, 18 Nov 2011 14:31:42 -0800
To: observat...@eff.org
For quite a while at EFF, we've been
The sovereign keys proposal, is to ensure that a website can only have
one key at a time - so that the bad guys cannot get another
certificate for the same website from some highly cooperative or highly
incompetent certificate authority.
The proposed system seems to me overly complex and
On 2011-11-11 6:11 AM, coderman wrote:
... or wait for all relevant patents to expire. note that a sufficient
period of time may extend beyond expiration for some safe duration of
months/years.
All the routinely used ECC technology is more than fifteen years old.
What stops them from
On 2011-11-10 4:53 AM, Jack Lloyd wrote:
On Wed, Nov 09, 2011 at 07:22:08PM +0100, Adam Back wrote:
Any suggestions on EC capable crypto library that implements things without
tripping over any certicom claimed optimizations?
They can claim whatever they want. Since they have more money for
On 2011-11-10 4:22 AM, Adam Back wrote:
Anyone have informed opinions on whether ECDSA is patent free?
Nothing is patent free. Anyone can patent anything, and they usually do.
___
cryptography mailing list
cryptography@randombit.net
On 2011-10-06 12:34 AM, Marsh Ray wrote:
Just for the record, the Fox-IT Interim Report September 5, 2011
DigiNotar Certificate Authority breach 'Operation Black Tulip'
https://bugzilla.mozilla.org/attachment.cgi?id=558368 states that:
Around 300.000 unique requesting IPs to google.com have
Come on. This discussion has descended past whacko, which is where it went once the
broken by design discussion started.
On 2011-10-04 9:18 AM, Steven Bellovin wrote:
Quite. I had to point someone at some of these threads today; when it came to
this part, I alluded to black helicopters.
On Mon, Sep 26, 2011 at 12:02 AM, Chris Palmer snackypa...@gmail.com
Bankruptcy should not require jail or indentured
servitude time in order to make a gold standard work,
What made the gold standard fail was the capability of financiers to get
away with using borrowed money irresponsibly
On 2011-09-26 7:12 AM, John Levine wrote:
Um, no. This isn't the place for a historic treatise, but the 18th
and 19th centuries were one boom and bust after another, with lots of
inflation and deflation, and not just because of new gold mines.
No they did not have lots of inflation and