Chris Palmer [EMAIL PROTECTED] writes:
James A. Donald writes:
Further, genuinely secure systems are now becoming available, notably
Symbian.
What does it mean for Symbian to be genuinely secure? How was this determined
and achieved?
By executive fiat.
Peter.
Gregory Hicks [EMAIL PROTECTED] writes:
As for applying for one now, I think the deadline for the non-RFID passwords
is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if
your application is not in processing by 31 Oct, then you get the new,
improved, RFID passport.)
Ahh,
http://www.bluegemsecurity.com/ claims that they can encrypt data from the
keyboard to the web browser, bypassing trojans and sniffers, however the web
pages are completely lacking in any detail on what they're actually doing.
From reports published by West Coast Labs, it's a purely software-only
http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem
May possibly run a very cut-down version of Linux, otherwise you'd be stuck
with DOS.
Peter.
During a recent discussion about secure crypto device bootstrap and
attestation capabilities, I realised that of the three devices for which this
was implemented and for which documentation was available (Fortezza, IBM 4758,
and Dallas Crypto iButton), I either don't have any documentation for the
From a private mailing list, therefore anonymised. A European visitor to the
US is describing going through the US immigation procedure. His comment on
the fingerprinting process:
I waited at that moment for messages like freedom is slavery
The response:
Ignorance is strength already
http://news.yahoo.com/news?tmpl=storyu=/ap/20050607/ap_on_re_us/chain_saw_border
Man With Chain Saw Allowed to Enter U.S.
On April 25, Gregory Despres arrived at the U.S.-Canadian border crossing at
Calais, Maine, carrying a homemade sword, a hatchet, a knife, brass knuckles
and a chain
DiSToAGe [EMAIL PROTECTED] writes:
it seems now intel say there is no DRM in there chips.
No, it's very careful to say that there is no *unannounced* DRM in their
chips, in the same way that we have had no undetected penetrations of our
security.
Peter.
Jay Listo [EMAIL PROTECTED] writes:
I am also not aware of any products or PKIs that use SPKI certs. I would
really appreciate if someone could refer me to instances of actual usage of
SPKI certs.
They were never really used. The great feature of SPKI is that it's not X.509
(so it's a design
We were somewhere around Barstow on the edge of the desert when the drugs
began to take hold.
The following was my variant on this from a few years ago, representing the
56th IETF PKIX meeting minutes. Note that this is from the book form, not the
film version of the text:
-- Snip --
We were
R.A. Hettinga [EMAIL PROTECTED] forwarded:
Briefly, it works like this: point A transmits an encrypted message to point
B. Point B can decrypt this, if it knows the password. The decrypted text is
then sent back to point A, which can verify the decryption, and confirm that
point B really does
Barry Shein [EMAIL PROTECTED] writes:
Eventually email will just collapse (as it's doing) and the RBOCs et al will
inherit it and we'll all be paying 15c per message like their SMS services.
And the spammers will be using everyone else's PC's to send out their spam, so
the spam problem will
Tyler Durden [EMAIL PROTECTED] writes:
That chip...is it likely to be an ASIC or is there already such a thing as
a security network processor? (ie, a cheaper network processor that only
handles security apps, etc...)
Or could it be an FPGA?
Neither. Currently they've typically been
R.A. Hettinga [EMAIL PROTECTED] forwarded:
Promoting implanted RFID devices as a security measure is downright 'loco,'
says Katherine Albrecht. Advertising you've got a chip in your arm that
opens important doors is an invitation to kidnapping and mutilation.
Since kidnapping is sort of an
Steve Furlong [EMAIL PROTECTED] writes:
I tried, years before _UC_ came out, to get some friends to name their
daughter Chlamydia. They didn't know what the word meant, but for some reason
didn't trust my advice. Nor did they like Pudenda.
One of the characters in Hercules Returns is called
Tyler Durden [EMAIL PROTECTED] writes:
Anyone know from first-hand experience about cellphone jammers?
I need...
1) A nice little portable, and
Try the SH066PL, a nice portable that looks exactly like a cellphone, it's one
of the few portables I know of.
2) A higher-powered one that can black
ken [EMAIL PROTECTED] writes:
James A. Donald wrote:
So far the Pentagon has
shattered the enemy while suffering casualties of about a thousand,
which is roughly the same number of casualties as the British empire
suffered doing regime change on the Zulu empire - an empire of a
quarter of a
James A. Donald [EMAIL PROTECTED] writes:
I find this very hard to believe. Post links, or give citations.
Normally I'd dig up various refs, but since this topic has been beaten to
death repeatedly in places like soc.history.medieval, and the debate could
well go on endlessly in the manner of
R.A. Hettinga [EMAIL PROTECTED] writes:
These were not the sort of sporting arrows skillfully shot toward gayly
colored targets by Victorian archery societies (charmingly described by Mr.
Soar in later chapters) but heavy bodkin pointed battle shafts that went
through the armor of man and horse.
[EMAIL PROTECTED] (=?iso-8859-1?Q?Tiarn=E1n_=D3_Corr=E1in?=) writes:
The Russians (for example) conquered Hitler's capital, Berlin. And I believe
the Russian zone in Germany was larger than any of the others, reflecting the
fact that Stalin bore most of entire burden of defeating Germany,
James A. Donald [EMAIL PROTECTED] writes:
But it is hardly a matter of holding out. So far the Pentagon has
shattered the enemy while suffering casualties of about a thousand,
We're talking about different things, the War on Bogeymen vs. the War for Oil.
In its war on bogeymen, the most notable
R.A. Hettinga [EMAIL PROTECTED] writes:
Germany 1944 does not equal USA 2004, no matter how hard you twist the
kaleidoscope.
Fighting an unwinnable war always seems to produce the same type of rhetoric,
whether it's the war on some drugs, the war on anyone Bush doesn't like, or
the war on
Eugen Leitl [EMAIL PROTECTED] writes:
On Tue, Nov 02, 2004 at 08:16:41AM -0500, R. A. Hettinga wrote:
http://online.wsj.com/article_print/0,,SB109936293065461940,00.html
No cypherpunks content. Just local politics.
And it's not even original, they've mostly just translated it into English,
R.A. Hettinga [EMAIL PROTECTED] writes:
At 3:32 AM +1300 11/3/04, Peter Gutmann wrote:
Eugen Leitl [EMAIL PROTECTED] writes:
On Tue, Nov 02, 2004 at 08:16:41AM -0500, R. A. Hettinga wrote:
http://online.wsj.com/article_print/0,,SB109936293065461940,00.html
No cypherpunks content. Just local
John Young [EMAIL PROTECTED] writes:
Generously, the US government offers a complete set of photos,
drawings, process diagrams and descriptions for an RDX manufacturing
plant. Library of Congress has the info in its Historic American
Engineering Record.
It's not all too hard to make from
Alan Barrett [EMAIL PROTECTED] writes:
On Tue, 12 Oct 2004, John Kelsey wrote:
but there doesn't seem to be a clean process for determining how
skilled an attacker needs to be to, say, scan my finger once, and
produce either a fake finger or a machine for projecting a fake
fingerprint into the
http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600794thesection=newsthesubsection=general
Ease off says air security boss
15.10.2004
Security on domestic flights is too strict and should be downgraded, says the
head of the Aviation Security Service.
General manager Mark Everitt, a former
Looks like you can mess up voting even if there is a paper trail. These are
paper votes that are electronically counted, so the problem was in the
electronic processing, not the actual voting procedure.
R. A. Hettinga [EMAIL PROTECTED] writes:
NEWARK, Sept. 30 - Laetitia Bohn walked into Newark Liberty International
Airport on Thursday, dazed and sleepy after an eight-hour flight from Paris,
and was jolted from her reverie when an immigration officer asked for her
photograph and fingerprints
Steve Furlong [EMAIL PROTECTED] writes:
On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote:
The US now has the dubious distinction of being more obnoxious to get through
the borders than the former East Germany (actually even without this measure,
the checks had become at least as obnoxious
Major Variola (ret) [EMAIL PROTECTED] writes:
AN is extremely deliquescent; perhaps the sulphate was for that?
No, it was specifically required as a desensitiser by the European nitrogen
cartel, since they felt the pure nitrate was too dangerous for processing into
fertiliser.
Removing chunks
Eugen Leitl [EMAIL PROTECTED] writes:
About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the
largest, if not *the* largest nonnuclear explosions ever.
The largest man-made explosion is usually claimed to be Halifax (about 3000
tons of assorted HE's), but there are a pile of
J.A. Terranson [EMAIL PROTECTED] writes:
Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes,
yes?) could produce that kind of result! How much was there?
4,500 tons, of which only 10% detonated.
(The nitrate was desensitised with ammonium sulfate and stored outside,
Globalwin has just introduced an external hard drive enclosure
(http://www.htpcnews.com/main.php?id=dorri_1) with built-in 40-bit DES
encryption (and if it's the HW I think it is, that's 40-bit DES in ECB mode,
and the vendor generates the key for you).
Peter.
The threats on New York, New Jersey and Washington DC serve as a reminder
that the terrorists are among us here at home.
He went on to remind citizens to stay alert, trust no-one, and keep their
lasers handy.
Peter.
Eugen Leitl [EMAIL PROTECTED] writes:
Assuming I generate a key on a RSA smart card made by GD, what kind of
prestige track do these people have?
They seem to be pretty secretive, that's not a good sign.
GD produce (or help produce) things like banknotes and passports (and have
been doing so
Eugen Leitl [EMAIL PROTECTED] writes:
I have no smart card background, unfortunately. I've heard GD ignores
requests from open source developer people, though.
Yup. It's standard banking-industry stuff, unless you're a large
bank/government/whatever and are prepared to sign over your firstborn
Justin [EMAIL PROTECTED] writes:
HOUSTON (Reuters) - Law enforcement officials said on Monday they are looking
for a man seen taking pictures of two refineries in Texas City, Texas.
At Usenix Security a few years back, we [a bunch of random security people,
most of whom were foreign nationals]
Tyler Durden [EMAIL PROTECTED] writes:
*: A year or two ago someone posted about the blow up of Texas City back in
the early 1950s.
1947.
Apparently, some kind of tanker hit something else and set of a chain
reaction killing thousands and wiping out the town
After several earlier events (the
Thomas Shaddack [EMAIL PROTECTED] writes:
There are many various embedded computers available on the market, eg. the
one from http://www.gumstix.com/. (Question for the crowd: anybody knows
other comparable or better Linux-ready affordable embedded computer
solutions?)
When I investigated this a
Tyler Durden [EMAIL PROTECTED] writes:
If they took out a few key COs downtown one morning the effect on the economy
would be significant.
It depends on what your goal is. As someone else on this list pointed out,
terrorism is just another form of PR. If OBL took out (say) that huge ATT CO
in
At 01:53 AM 6/25/2004, Eugen Leitl wrote:
The transcription rules for furriner names are strict, too.
No Phn'glui M'gl wna'f, Cthulhu R'lyeh Wgha Nagl Ftaghn for you.
Just as well. They'd probably make you fill the form out in triplicate,
In his house at R'lyeh, dead Cthulhu waits knitting? I
I presume most people have by now read Cringely's piece on hacked Linux for
Linksys WRT54G (and clones):
[...]
It does VoIP, prioritizes traffic, has currently VPN pass-through and will do
IPsec on future mesh-supporting firmware.
You forgot to mention sometimes it'll stay up for as long as
R. A. Hettinga [EMAIL PROTECTED] forwarded:
So now the NSA's secret is out. The Iranians have undoubtedly changed
their encryption machines, and the NSA has lost its source of Iranian
secrets. But little else is known. Who told Chalabi? Only a few
people would know this important U.S. secret,
There's an interesting look at the situation in Iraq from the point of view of
a third-party contractor, in an article in the Sunday Star Times,
http://www.stuff.co.nz/stuff/sundaystartimes/0,2106,2908644a6442,00.html.
Most quotable quote:
The thing that pisses us off is the Yanks had no idea
Major Variola (ret) [EMAIL PROTECTED] writes:
PS: what happens if your passport's chip doesn't work? Do you get sent back
and the airline fined $10K? Do you wait extra time while the still-readable
passport number indexes your record online? How much extra time? (Anyone
have experience with
Eugen Leitl [EMAIL PROTECTED] writes:
A way that works would involve passphrase-locked keyrings, and forgetful
MUAs (this mutt only caches the passphrase for a preset time).
A way that works *in theory* would involve The chances of any vendor
of mass-market software shipping an MUA where
R. A. Hettinga [EMAIL PROTECTED] writes:
If we really do get cryptographic signatures on email in a way that works,
expect 80% of all spam to be blown away as a matter of course.
I think you mean:
If we really do get cryptographic signatures on email in a way that works,
expect 80% of all
Nomen Nescio [EMAIL PROTECTED] writes:
After WWI the winners humiliated the loosers badly. This is one of the main
reasons Hitler came to power and got support from the Germans for the
aggressions that started the war. He managed to use these feelings of being
treated as dogs and paying to heavy
coderman [EMAIL PROTECTED]
I have written some poor code and info regarding the C5XL (nehemiah) and
linux:
http://peertech.org/hardware/viarng/
I've got code to use it under Windows in the latest cryptlib snapshots (soon
to be the 3.1 release), which you can grab via the download link at
Hallam-Baker, Phillip [EMAIL PROTECTED] writes:
DNSSEC is not happening, blame Randy Bush and the IESG for refusing the
working group consensus and imposing their own idea that cannot be deployed.
An experimental protocol that increases the volume of data in the .com zone
by an order of magnitude
Stirling Westrup [EMAIL PROTECTED] writes:
Does anyone know of a good partition encryptor for Windows? I know of an
accountant who would like to encrypt her client's financial data. She's stuck
with Windows until such time as a major company starts shipping yearly tax
software for linux.
Tim May [EMAIL PROTECTED] writes:
(I bought _one_ lottery ticket, for $1, just to see how the numbers were
done. Lotteries are of course a tax on the gullible and stupid.)
A friend of mine likes to say that lotteries are a tax on stupidity: The
dumber you are, the more tax you have to pay.
Looks like the USG is going to outdo its ITAR silliness of a few years ago
with something even more ridiculous: Grammar and spelling corrections now
require an export license. The following was forwarded to me by Clark
Thomborson:
-- Snip --
Dear colleagues,
If I'm reading
Dave Howe [EMAIL PROTECTED] writes:
I was under the impression they had just licenced their *patent*
Yup, and that's all they did. I've seen some downright bizarre
interpretations of this particular portent on the web (cough
slashdot/cough), but the simple fact is that the NSA, in its role as
Thomas Shaddack [EMAIL PROTECTED] writes:
Also Speak Freely maintenance is ending.
Not really. The project is moved to Sourceforge.
Isn't that synonymous with Speak Freely maintenance is ending?
Peter :-).
Kevin S. Van Horn [EMAIL PROTECTED] writes:
I can think of several entirely ethical uses of nuclear weapons, with the
usage not motivated by hate but simple utility:
1. You have a large invading fleet approaching your nation. A few nukes out
in the middle of the ocean could handily take out the
Steve Schear [EMAIL PROTECTED] writes:
At 01:46 AM 3/28/2003 +1200, Peter Gutmann wrote:
John Young [EMAIL PROTECTED] writes:
Whether either of these work as bragged or are psyop mirages is worth betting
an WMD Indian nickle on.
It's a cool toy, but I can't see someone using a $1M e-bomb when
Steve Schear [EMAIL PROTECTED] writes:
I seem to recall that with sufficient knowledge and commonly available
detonators shaped explosive charges can be configured to hurl heavy
explosive payloads, much like a mortar, with fair accuracy, great distance
or very high velocity. I can't seem to find
Bill Stewart [EMAIL PROTECTED] writes:
At 04:14 PM 03/26/2003 +1200, Peter Gutmann wrote:
The RAF used an EFP in 1989 to assassinate the chairman of Deutsche Bank
I assume that's some Italian or German group's acronym and not Britain's
Royal Air Force? :-)
Red Army Faction, a German terrorist
Bill Stewart [EMAIL PROTECTED] writes:
Schmoo Group response on cryptonomicon.net
http://www.cryptonomicon.net/modules.php?name=Newsfile=articlesid=263mode=order=0thold=0
Apparently OpenSSL has code to prevent the timing attack,
but it's often not compiled in (I'm not sure how much that's for
Eric Cordian [EMAIL PROTECTED] writes:
We've pretty much gotten to the point where the only places real news can be
found in America these days is on Indymedia and The Daily Show with Jon
Stewart. A sad situation for a country with an alleged free press.
There was an article in some UK paper
Mike Rosing [EMAIL PROTECTED] writes:
From http://www.cavium.com/newsevents_Nitrox2PR.htm: Product pricing at 1KU
lot quantities ranges from $295 for the CN2130 to $795 for the CN2560. The
NITROX II Software Development Kit is priced at $9995.
Not priced for a huge number of implementors. They
John Bethencourt [EMAIL PROTECTED] writes:
On Wed, Feb 26, 2003 at 10:02:05PM +1300, Peter Gutmann wrote:
Well, I made a start a few years ago with Network Security: A Feminist
Perspective (done when people ask me to do security talks for them without
bothering to specify which aspect of security
Bill Stewart [EMAIL PROTECTED] writes:
Actually doing a female-oriented physics or teaching curriculum is fine, if
somebody can do a good job of it.
Well, I made a start a few years ago with Network Security: A Feminist
Perspective (done when people ask me to do security talks for them without
Thomas Shaddack [EMAIL PROTECTED] writes:
Second, where did the number 7 really come from?
From the OSI 7-layer model, which took it from the fact that the number 7 is
sacred to a certain tribe in Borneo (see The Elements of Networking Style,
by Mike Padlipsky).
Peter.
After much procrastination I recently put the Crypto Gardening Guide and
Planting Tips online at
http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt, this may be of
interest to readers. From the introduction:
There has been a great deal of difficulty experienced in getting research
Bill Stewart [EMAIL PROTECTED] writes:
I have heard of one case where somebody was stopped in Nevada, and instead of
presenting his California driver's license, if any, he presented his
somewhere-in-the-Caribbean non-photo license and an international driver's
license, and that was just fine for
Tim May [EMAIL PROTECTED] writes:
Collecting valid name information costs a vendor money (both in labor,
computerization/records, and in driving some customers elsewhere). It also
deters some people from completing transactions.
To see an example of data collection done on a grand scale, have a
Tim May [EMAIL PROTECTED] writes:
On Tuesday, December 31, 2002, at 09:49 AM, Kevin Elliott wrote:
At 12:12 -0500 on 12/31/02, Adam Shostack wrote:
Rummaging through my wallet...a grocery card in the name of Hughes, a
credit card with the name Shostack, and an expired membership card in
the
[Apologies if you've seen this before, one of our machines has been quietly
dropping outgoing mail...]
Major Variola (ret) [EMAIL PROTECTED] writes:
It's a mirror image to the government's plan to empower some Americans to
check on their neighbors, under a program known as the Terrorism
Steve Schear [EMAIL PROTECTED] writes:
I read some books in my youth on SH and found I could put myself in a self-
induced altered reality state from which I could not be easily awakened.
I've had that too, listening to pre-election party political broadcasts.
physical abuse might be thwarted
David Honig [EMAIL PROTECTED] writes:
Wouldn't a crypto coder be using paranoid-programming skills, like
*checking* that the memory is actually zeroed? (Ie, read it back..)
I suppose that caching could still deceive you though?
You can't, in general, assume the compiler won't optimise this away
[Moderator's note: FYI: no pragma is needed. This is what C's volatile
keyword is for.
No it isn't. This was done to death on vuln-dev, see the list archives for
the discussion.
Peter.
Scribe [EMAIL PROTECTED] writes:
The technology 'sees' the shapes made when radio waves emitted by mobile
phone masts meet an obstruction. Signals bounced back by immobile objects,
such as walls or trees, are filtered out by the receiver. This allows
anything moving, such as cars or people, to
KPMG have a report The Digital Challenge: Are You Prepared? available at
http://www.kpmg.com/news/index.asp?cid=660 in which they surveyed execs at
media companies and conclude that they're focusing too much on (trying to)
lock up content using encryption rather than how to do something useful
I recently came across a real-world use of steganography which hides extra
data in the LSB of CD audio tracks to allow (according to the vendor) the
equivalent of 20-bit samples instead of 16-bit and assorted other features.
According to the vendors, HDCD has been used in the recording of more
James A. Donald [EMAIL PROTECTED] writes:
To the extent that real people are using digitally signed and or encrypted
messages for real purposes, what is the dominant technology, or is use so
sporadic that no network effect is functioning, so nothing can be said to be
dominant?
For encryption,
At most, it'll contain a name+password for HTTP basic-auth (and to identify
users to the site so they can be connected with the info they supplied at
purchase time). You've spent too long in the crypto world.
Having poked around in the FAQ (I can't believe I'm wasting my time on this),
it could
James A. Donald [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
All they're doing is reading a URL off a USB dongle
(technically a 256-byte I2C memory card plugged into a
reader, but in effect the combination is a USB dongle).
That's a no-brainer, I can do that with two wires taped to
the card
James A. Donald [EMAIL PROTECTED] writes:
On 25 Sep 2002 at 18:36, Neil Johnson wrote:
Hey don't forget you can still buy a smart card reader from
that most cypherpunkish of babes BRITNEY SPEARS ! Only $30 !
https://www.visiblevisitors.com/mltest/order_form.asp
A previous poster suggested
I wrote:
The FAQ handwaves the details, so it could be either 1 or 3. Can someone who
has one of these things try reading the ATR off it?
He Who has No Shame [0] reports that it's a GemClub memory card, which is
reasonably similar to the old SLE4428-style cards: 256 bytes of memory, some
of it
As part of its tour of Nvidia, Anandtech got to look at an FIB workstation of
the kind used for (among other things) reverse-engineering and modifying
semiconductors. For those who have never seen one of these things, there are
photos at http://www.anandtech.com/video/showdoc.html?i=1711p=9
James A. Donald [EMAIL PROTECTED] writes:
Increasingly however, we see smartcard interfaces sold for PCs. What for, I
wonder?
Companies buy a few readers for their developers who write software to work
with the cards. They may even roll out a few in pilots, and put out a stack of
press
another woman, Rose Ann Carroll, were arrested March 27 at a Kohls
department store in Fort Worth on charges of theft $50 to $500.
I wasn't follownig the news ... they didn't get Osama, did they ?
No, although there was a brief scare when it was reported that bed Linen had
been spotted in
Lucky Green [EMAIL PROTECTED] quoted:
The feat proves that even if all the polio virus in the world were
destroyed, it would be easily possible to resurrect the crippling
disease. It also raises the worrying possibility that bioterrorists
could use a similar approach to create devastating
Eric Murray [EMAIL PROTECTED] writes:
On Fri, Jul 12, 2002 at 07:14:55PM +1200, Peter Gutmann wrote:
From a purely economic perspectice, I can't see how this will fly. I'll pull a
random figure of $5 out of thin air (well, I saw it mentioned somewhere but
can't remember the source
R. A. Hettinga [EMAIL PROTECTED] writes:
WAVE, some of you might remember, was started by a former NatSemi Chairman
back before the internet got popular. It was going to be a dial-up book-entry-
to-the-screen content control system with special boards and chips patented to
down to it's socks.
I was reading a late-70's paper on computer security recently when I saw that
it contains a nice quote about the futility of trying to use biometrics to
prevent Sept.11-type attacks, I thought I'd share it with people:
When a highway patrolman is sent to his duty, he has to be given the
Greg Newby [EMAIL PROTECTED] writes:
Some electronic journals, some conferences and some print journals now let
authors retain copyright or, if they keep copyright, allow authors to do what
they please with their work.
Usenix is really good with this. You agree not to re-publish anything for a
Derek Atkins [EMAIL PROTECTED]
[EMAIL PROTECTED] (Peter Gutmann) writes:
For example the value
1234567890 taken in isolation could be anything from my ICQ number
to my shoe size in kilo-angstroms, but if you view it as the pair {
ICQ domain, locally unique number } then it makes sense
Peter Gutmann should be declared an international resource.
Thankyou Nobody. You should have found the e-gold in your acount by now :-).
Only one little thing mars this picture. PKI IS A TREMENDOUS SUCCESS WHICH IS
USED EVERY DAY BY MILLIONS OF PEOPLE. Of course this is in reference
Dan Geer [EMAIL PROTECTED] writes:
I founded this series in 1995 and was proud to have done so; we ran them in
1996 and 1998 as well, but the cutting edge quickly moved away from USENIX's
core and forte to where every conference organizer on the planet had an e-
commerce workshop of some sort up
[EMAIL PROTECTED] writes:
On 27 May 2002 at 19:56, Peter Gutmann wrote:
[EMAIL PROTECTED] writes:
My impression is that S/MIME sucks big ones, because it commits one
to a certificate system based on verisign or equivalent.
I'll say this one more time, slowly for those at the back: What you're
Eric Murray [EMAIL PROTECTED] writes:
Additionally, there is nothing that prevents one from issuing certs that can
be used to sign other certs. Sure, there are key usage bits etc but its
possible to ignore them. It should be possible to create a PGP style web of
trust using X.509 certs, given
[EMAIL PROTECTED] writes:
My impression is that S/MIME sucks big ones, because it commits one to a
certificate system based on verisign or equivalent.
I'll say this one more time, slowly for those at the back: What you're
criticising is PEM circa 1991, not S/MIME. Things have moved on a bit
Curt Smith [EMAIL PROTECTED] writes:
1. How do you create a X.509 signing hierarchy?
Grab whatever crypto software you feel most comfortable with that does X.509
and start cranking out certs.
2. Can you add additional algorithms (ie. Twofish)?
Certs are for public-key algorithms, so Twofish
contrary [EMAIL PROTECTED] writes:
As long as you obtain your S/MIME certificate from an apporved CA, using an
approved payment method and appropriate identification.
The only CA-issued certs I've ever used were free, and under a bogus name.
Usually I just issue my own. You really need to
Curt Smith [EMAIL PROTECTED] writes:
Certificate Authorities issue certificates complete with CA imposed expiration
dates and usage limitations. (I prefer independent systems with unrestricted
certificates)
So issue your own. Honestly, why would anyone want to *pay* some random CA for
this?
Meyer Wolfsheim [EMAIL PROTECTED] writes:
S/MIME support is in just about every popular email client out of the box.
Why is PGP more widely used?
[Good reasons snipped]
Those who care about security [0] use PGP, the rest use S/MIME. To steal a
line from Hexed:
S/MIME: For people who could
1 - 100 of 102 matches
Mail list logo