Hi Tony,
DNSSEC is a step into the right direction. I do not dispute that and salute
the jabber community for recognizing this.
DNSSEC reduces the risk of an active attack. DNSSEC does not eliminate that
risk.
On the client/user side this is not sufficient. DNSSEC wont give the user
the
Hi Tony,
DNSSEC is a step into the right direction. I do not dispute that and salute
the jabber community for recognizing this.
DNSSEC reduces the risk of an active attack. DNSSEC does not eliminate that
risk. DNSSEC in fact only marginally reduces this risk considering the
real-world attacks
I don't think anyone here is advocating for downgrading security or not
respecing human rights.
I do think that we're being pretty sanguine about not letting the perfect
become the enemy of the good and incrementally upgrading XMPP's security.
Good security is based on layering trust and trust
On 19 Nov 2013, at 11:58, Ralf Skyper Kaiser sky...@thc.org wrote:
This attack and vulnerability in the TLS authentication has been recognized
by all major browser manufactures. Pinning (on top of DNSSEC) is being
implemented as we speak. Why jabber tries so hard of being less secure than
Hi
On Tue, Nov 19, 2013 at 12:26 PM, Ashley Ward ashley.w...@surevine.comwrote:
On 19 Nov 2013, at 11:58, Ralf Skyper Kaiser sky...@thc.org wrote:
This attack and vulnerability in the TLS authentication has been
recognized by all major browser manufactures. Pinning (on top of DNSSEC) is
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi
On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si...@buddycloud.com wrote:
I don't think anyone here is advocating for downgrading security or not
respecing human rights.
I do think that we're being pretty
Hi,
On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade th...@xnyhps.nl wrote:
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi
On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si...@buddycloud.com
wrote:
Automatic key pinning works for SSH, because private keys
On 19 nov. 2013, at 14:07, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi,
On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade th...@xnyhps.nl wrote:
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi
On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant
On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org wrote:
Pinning does not require any protocol change in its simplest form. It can be
done with just minor changes on the client side.
Agreed - in its simplest form you could use it on the c2s connection to ensure
the server’s
On Tue, Nov 19, 2013 at 2:12 PM, Ashley Ward ashley.w...@surevine.comwrote:
On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org wrote:
Pinning does not require any protocol change in its simplest form. It
can be done with just minor changes on the client side.
Agreed - in its
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/19/13 9:21 AM, Ralf Skyper Kaiser wrote:
On Tue, Nov 19, 2013 at 2:12 PM, Ashley Ward
ashley.w...@surevine.com mailto:ashley.w...@surevine.com
wrote:
On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org
mailto:sky...@thc.org
Ralf Skyper Kaiser sky...@thc.org wrote:
The user has to trust ALL keys and not just the single ROOT KEY.
That's true, but the amount of trust you have to put in high-level DNSSEC
keys is relatively limited. DNSSEC is aware of zone cuts, and high-level
keys cannot authenticate domain names
On Thu, Nov 14, 2013 at 6:11 PM, Matt Miller linuxw...@outer-planes.netwrote:
On Nov 14, 2013, at 10:43 AM, Ralf Skyper Kaiser sky...@thc.org wrote:
On Thu, Nov 14, 2013 at 4:49 PM, Matt Miller linuxw...@outer-planes.net
wrote:
On Nov 14, 2013, at 9:34 AM, Ralf Skyper Kaiser
On 15-11-13 10:30, Ralf Skyper Kaiser wrote:
Hi,
1. You are a gay person in Iran
2. An Atheist in Saudi Arabia (or a women)
3. Leonardo da Vinci and dare to suggest that the earth is round
4. A black person wishing to sit in the front row of a bus
5 ...
One of the lessons from Snowden is
Hi,
Definition:
- POST-Prism means the time after PRISM. What we know now. It does not
imply that PRISM ever carried out a DNSSEC or DNS attack. Sorry if this was
not clear.
- Khomeini: Sorry, you are right. He is dead. Use Khamenei. Sorry for the
typo. Makes zero difference.
Let's stay
15 matches
Mail list logo