On the employment situation... it seems that a lot of applied
cryptographers are currently unemployed...
Adam,
just interested: do you have a definition of what an
applied cryptographer is?
--
iang
-
The Cryptography
How effective is open source crypto?
http://www.securityspace.com/s_survey/sdata/200302/protciph.html
One measure is to look at how effective the
open source crypto regime is in getting
product out there. From the above, it is
fairly easy to suggest that strong crypto is
totally available to
Who's afraid of Mallory Wolf?
By common wisdom, SSL is designed to defeat
the so-called Man in the Middle attack, or
MITM for short.
Also known as Mallory, in crypto circles.
The question arises, why? For what reason is
the MITM a core part of the SSL threat model?
And, why do all the
On Saturday 22 March 2003 17:12, Douglas F. Calvert wrote:
I will be organizing a keysigning session for CFP2003. Please submit
your keys to [EMAIL PROTECTED] and I will print out
On Monday 24 March 2003 11:37, Peter Clay wrote:
On Sun, 23 Mar 2003, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use of a credit card (CC).
(Over any
On Monday 24 March 2003 13:02, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Ian Grigg writes:
Who's afraid of Mallory Wolf?
Even worse, there's not been any known MITM of
any aggresive form. The only cases known are
a bunch of demos, under laboratory conditions.
They don't
On Monday 24 March 2003 14:11, David Turner wrote:
Grigg counts the benefits of living in a MITM-protected world (no MITM
attacks recorded), as though they would happen with or without MITM
protection. Is there any reason to believe that's this is, in fact,
true?
That is indeed the question,
On Monday 24 March 2003 19:26, bear wrote:
On Mon, 24 Mar 2003, Peter Clay wrote:
On Sun, 23 Mar 2003, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use
On Tuesday 25 March 2003 00:22, Jeroen van Gelderen wrote:
On Monday, Mar 24, 2003, at 22:32 US/Eastern, bear wrote:
On Mon, 24 Mar 2003, Jeroen C. van Gelderen wrote:
It's rather efficient if you want to sign a large number of keys of
people you mostly do not know personally.
Right,
On Tuesday 25 March 2003 12:07, bear wrote:
On Tue, 25 Mar 2003, Ian Grigg wrote:
Which gets us to the next stage of the
analysis (what did they cost!).
Wait. Time out. good stuff snipped
I don't think mere monetary costs are even germane to
something like this. The costs
On Tuesday 25 March 2003 13:17, David Wagner wrote:
I'm skeptical. Just because the cost is
subjective doesn't mean we should ignore the cost.
I agree with that ... I was converting the
subjective harm into an objective cost.
I certainly wasn't intending to ignore it :-)
But, luckily, there
On Tuesday 25 March 2003 15:22, Bill Stewart wrote:
I get the impression that we're talking at cross-purposes here,
with at least two different discussions.
Yep. I haven't counted them up yet, but
the full discussion includes at least 6
disparate threads. The challenge is to
not arbitrarily
On Tuesday 25 March 2003 22:34, Steven M. Bellovin wrote:
Let me quote what the (U.S.) 2nd Circuit Court of Appeals said in the
T.J. Hooper case (60 F.2d 737, 1932):
Indeed in most cases reasonable prudence is in face common prudence;
but strictly it is never its measure; a
Arnold G. Reinhold [EMAIL PROTECTED] wrote:
The Army actually has a training course (from 1990) on-line that
describes such a system in detail. The cipher system, called DRYAD is
covered in
https://hosta.atsc.eustis.army.mil/cgi-bin/atdl.dll/accp/is1100/ch4.htm
.
Your description fits, it
14 matches
Mail list logo