- Forwarded message from Nick Mathewson ni...@alum.mit.edu -
From: Nick Mathewson ni...@alum.mit.edu
Date: Tue, 9 Oct 2012 16:52:33 -0400
To: tor-...@lists.torproject.org
Subject: Re: [tor-dev] Even more notes on relay-crypto constructions
Reply-To: tor-...@lists.torproject.org
On Tue,
Hello Everyone,
I'm proposing to revitalise an old idea. With a twist.
The TL;DR:
1. Ditch password based authentication over the net;
2. Use SSL client certificates instead;
Here comes the twist:
3. Don't use the few hundred global certificate authorities to sign
the client certificates.
On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond gu...@wtmnd.nl wrote:
Hello Everyone,
I'm proposing to revitalise an old idea. With a twist.
The TL;DR:
1. Ditch password based authentication over the net;
2. Use SSL client certificates instead;
Here comes the twist:
3. Don't use the
On 10.10.2012 16:29, Jon Callas wrote:
Why not store a representation of a *key* (a hash is a representation of a
key) and then prove possession of the key? It doesn't need to be certified. I
can store that key on as many computers as needed via a keychain or something
like it.
Lemme throw
On Oct 10, 2012, at 9:09 AM, Ben Laurie b...@links.org wrote:
On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond gu...@wtmnd.nl wrote:
Hello Everyone,
I'm proposing to revitalise an old idea. With a twist.
The TL;DR:
1. Ditch password based authentication over the net;
2. Use SSL
On Wed, Oct 10, 2012 at 4:54 PM, Steven Bellovin s...@cs.columbia.edu wrote:
On Oct 10, 2012, at 9:09 AM, Ben Laurie b...@links.org wrote:
On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond gu...@wtmnd.nl wrote:
Hello Everyone,
I'm proposing to revitalise an old idea. With a twist.
The TL;DR:
I want to find common improper usages of OpenSSL library for SSL/TLS.
Can be reverse-engineered from a how to properly use OpenSSL FAQ,
probably, but would prefer information to the first point rather than
its complement.
--
http://www.subspacefield.org/~travis/
Any sufficiently advanced magic
On Wed, Oct 10, 2012 at 6:34 PM,
travis+ml-rbcryptogra...@subspacefield.org wrote:
I want to find common improper usages of OpenSSL library for SSL/TLS.
Can be reverse-engineered from a how to properly use OpenSSL FAQ,
probably, but would prefer information to the first point rather than
its
Hah. I'm surprised the term security theater wasn't coined earlier!
On Wed, Oct 10, 2012 at 9:29 PM, Warren Kumari war...@kumari.net wrote:
On Oct 10, 2012, at 3:56 PM, Patrick Mylund Nielsen
cryptogra...@patrickmylund.com wrote:
One thing that I've sadly seen more times than I can shake a
Jon Callas wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Oct 10, 2012, at 6:52 AM, Jonathan Katz wrote:
Looking at this just from the point of view of client-server authentication, how is this
any better than having the website generate a cryptographically strong
password at