On Tuesday 25 March 2003 15:22, Bill Stewart wrote:
I get the impression that we're talking at cross-purposes here,
with at least two different discussions.
Yep. I haven't counted them up yet, but
the full discussion includes at least 6
disparate threads. The challenge is to
not arbitrarily
That's using a questionable measuring stick.
The damages paid out in a civil suit may be very
different (either higher, or lower) than the true
cost of the misconduct. Remember, the courts are
not intended to be a remedy for all harms, nor could
they ever be. The courts shouldn't be a
Has anyone ever weighted a PGP key's certification value as a
function of how many keys it's known to have certified?
The PGP keyserver folks perform a regular public keyring analysis:
http://keyserver.kjsl.com/~jharris/ka/2003-03-23/
http://dtype.org/keyanalyze/
Cheers,
Stefan.
On Tuesday 25 March 2003 22:34, Steven M. Bellovin wrote:
Let me quote what the (U.S.) 2nd Circuit Court of Appeals said in the
T.J. Hooper case (60 F.2d 737, 1932):
Indeed in most cases reasonable prudence is in fact common prudence;
but strictly it is never its measure; a
I have to say I've watched this with a bit of puzzlement.
Meet in the middle attacks are perfectly real. I've seen them myself,
and toolkits to perform them are readily available out there. Ian's
vague comments about a lack of evidence of the economic impact
notwithstanding, it is unreasonable
I meant Man in the Middle, not Meet in the Middle. Sigh.
--
Perry E. Metzger [EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
On Tue, Mar 25, 2003 at 12:36:20AM -0500, Ian Grigg wrote:
| So, do we have two completely disjoint communities
| here? One group that avoids photo id and another
| that requires it? Or is one group or the other so
| small that nobody really noticed?
Yes.
One group thinks that a bad trust
Note that SSH is vulnerable to a Man in the Middle attack (not meet in
the middle -- that is an attack on 2DES where you attack from the
input and output and then meet in the middle). In particular SSH is
vulnerable if you do NOT have the long-term server key cached on the
client.
That
On Mon, 24 Mar 2003, Ian Grigg wrote:
I must be out of touch - since when did
PGP key signing require a photo id?
It does not. It is improper for a key-signing organizer to dictate signing
policy to individuals. When I wrote the Efficient Group Key Signing Method
paper[1], I specifically
http://online.wsj.com/article_print/0,,SB104868663390882600,00.html
The Wall Street Journal
March 26, 2003 4:46 p.m. EST
Network Associates Plans
Another Restatement of Results
By MARK BOSLET and RIVA RICHMOND
DOW JONES NEWSWIRES
Network Associates Inc. said Wednesday it would again
I believe that most browsers and even some TELNET/FTP/SMTP clients that
support START_TLS will allow the certificate to be saved as an
authenticator of the host provided that the certificate is not a
self-signed cert. If you do not want to use a commercial CA, then you
should generate your