Re: $90 for high assurance _versus_ $349 for low assurance

2005-03-15 Thread R.A. Hettinga
At 9:24 PM + 3/11/05, Ian G wrote: Does anyone have a view on what low and high means in this context? Indeed, what does assurance mean? :-) By what market price, of course. Verisign is more well known to the average schmuck than godaddy is, and, apparently, the average schmuck forks over

Re: $90 for high assurance _versus_ $349 for low assurance

2005-03-15 Thread John Levine
Does anyone have a view on what low and high means in this context? Indeed, what does assurance mean? Just last week I was trying to figure out what the difference was between a StarterSSL certificate for $35 (lists at $49 but you might as well sign up for the no-commitment reseller price) and a

Re: comments wanted on gbde

2005-03-15 Thread James A. Donald
-- I can see no faults in gbde other than that it is too clever by half. The implementor imagined various vaguely imagined complicated attacks, and put in all sorts of overly clever stuff to defeat them. Let us stick with the threat model where the bad guys kick down your door and yank

RE: Colliding X.509 Certificates

2005-03-15 Thread Weger, B.M.M. de
Hi Joerg, My concern is not MD5, it's SHA-1. I don't see that we can get rid of SHA-1 in certificates in the next 5 years: * None of the alternatives is widely implemented today. * For controlled environments like in-house applications you might be able to switch earlier (0-2 years). * In

RE: I'll show you mine if you show me, er, mine

2005-03-15 Thread Charlie Kaufman
James A. Donald said: There seem to be a shitload of protocols, in addition to SPEKE and DH-EKE ... Can anyone suggest a well reviewed, unpatented, protocol that has the desired properties? Unpatented will be your biggest hurdle. I collaborated on the development of a strong password protocol

ocf-linux-20050315 - Asynchronous Crypto support for linux (fwd from [EMAIL PROTECTED])

2005-03-15 Thread Eugen Leitl
From: David McCullough [EMAIL PROTECTED] Subject: ocf-linux-20050315 - Asynchronous Crypto support for linux To: [EMAIL PROTECTED], linux-kernel@vger.kernel.org Cc: Andrew Morton [EMAIL PROTECTED], James Morris [EMAIL PROTECTED], Herbert Xu [EMAIL PROTECTED] Date: Tue, 15 Mar 2005 23:36:44

Re: Encryption plugins for gaim

2005-03-15 Thread Ian G
Adam Fields wrote: Given what may or may not be recent ToS changes to the AIM service, I've recently been looking into encryption plugins for gaim. Specifically, I note gaim-otr, authored by Ian G, who's on this list. Just a quick note of clarification, there is a collision in the name Ian G. 4

Re: $90 for high assurance _versus_ $349 for low assurance

2005-03-15 Thread Victor Duchovni
On Wed, Mar 16, 2005 at 02:23:49AM +1300, Peter Gutmann wrote: Certainly with UIXC it's not worth anything. What is UIXC?

Re: Encryption plugins for gaim

2005-03-15 Thread Taral
On Mon, Mar 14, 2005 at 01:19:04AM -0500, Adam Fields wrote: Given what may or may not be recent ToS changes to the AIM service, I've recently been looking into encryption plugins for gaim. Specifically, I note gaim-otr, authored by Ian G, who's on this list. Ian - would you care to share

Crack in Computer Security Code Raises Red Flag

2005-03-15 Thread R.A. Hettinga
http://online.wsj.com/article_print/0,,SB111084838291579428,00.html The Wall Street Journal March 15, 2005 PAGE ONE Crack in Computer Security Code Raises Red Flag Obscure but Worrying Flaw Compromises 'Fingerprint' Widely Used on Internet By CHARLES FORELLE Staff Reporter of THE WALL