Hi David,
Most private keys are issued by, not merely certified by, the CAs.
Can you give numerical evidence for this claim?
Device certificates (those that go into mass manufactured products)
typically have the CA provide both keys and cert. The back and forth of
keygen-CSR-Sign-Return per
On 9/6/2013 6:58 AM, Ralph Holz wrote:
Hi,
On 09/06/2013 07:12 AM, James A. Donald wrote:
Most private keys are issued by, not merely certified by, the CAs.
Can you give numerical evidence for this claim?
Device certificates (those that go into mass manufactured products)
typically have
Most private keys are issued by, not merely certified by, the CAs.
If issued by, not private. Chances are the controlling authority also
gets a copy of that private key.
To install your keys on your https server is painful, despite numerous
people assuring me it is easy, and involves
2013/9/6 ianG i...@iang.org
Hmmm, curious. I haven't seen that. I would also suspect it breaks a lot
of CPSs and user agreements. But no matter, they're all broken anyway.
A 'user agreement' is an agreement between a company and a 'user'. All
claims in it shall hold valid unless law
On 2013-09-06 11:58 PM, Ralph Holz wrote:
I'd be surprised if a majority of CAs
insisted on generating the key for you.
No one insists, as far as I know. The problem is that idiocy is
possible and permissible, not that it is mandatory.
On 9/5/13 6:25 PM, Andy Isaacson wrote:
However, virtually nobody properly keys their ciphers with physical
entropy. I suspect that correlated key PRNG attacks are almost
certainly a significant part of the NSA/GCHQ crypto break. Many
deployed systems expose a significant amount of correlated