[jdev] https://github.com/stpeter/manifesto and additional ideas

2013-11-14 Thread Ralf Skyper Kaiser
Hi, Ideas, comments and an open discussion are welcome to include the following ideas in the manifesto. - Client-support for certificate pinning (including pinning of self-signed certificates). https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

Re: [jdev] https://github.com/stpeter/manifesto and additional ideas

2013-11-14 Thread Ralf Skyper Kaiser
On Thu, Nov 14, 2013 at 1:01 PM, Dave Cridland d...@cridland.net wrote: On Thu, Nov 14, 2013 at 12:53 PM, Ralf Skyper Kaiser sky...@thc.org wrote: Hi, Ideas, comments and an open discussion are welcome to include the following ideas in the manifesto. - Client-support for certificate

Re: [jdev] https://github.com/stpeter/manifesto and additional ideas

2013-11-14 Thread Ralf Skyper Kaiser
On Thu, Nov 14, 2013 at 4:49 PM, Matt Miller linuxw...@outer-planes.net wrote: On Nov 14, 2013, at 9:34 AM, Ralf Skyper Kaiser sky...@thc.org wrote: On Thu, Nov 14, 2013 at 4:24 PM, Dave Cridland d...@cridland.net wrote: On Thu, Nov 14, 2013 at 4:09 PM, Matt Miller linuxw...@outer

Re: [jdev] https://github.com/stpeter/manifesto and additional ideas

2013-11-14 Thread Ralf Skyper Kaiser
...@cridland.net wrote: On Thu, Nov 14, 2013 at 4:34 PM, Ralf Skyper Kaiser sky...@thc.org wrote: Pinning does not require a CA at all (private or public). Why use a feature (DANE) that requires a CA if it is possible to have the same level of security with Pinning; which requires no CA, works

Re: [jdev] manifesto DANE does not cut it

2013-11-15 Thread Ralf Skyper Kaiser
On Thu, Nov 14, 2013 at 6:11 PM, Matt Miller linuxw...@outer-planes.net wrote: On Nov 14, 2013, at 10:43 AM, Ralf Skyper Kaiser sky...@thc.org wrote: On Thu, Nov 14, 2013 at 4:49 PM, Matt Miller linuxw...@outer-planes.net wrote: On Nov 14, 2013, at 9:34 AM, Ralf Skyper Kaiser sky

Re: [jdev] https://github.com/stpeter/manifesto and additional ideas

2013-11-15 Thread Ralf Skyper Kaiser
no longer depends on a ROOT MASTER KEY. You mentioned two problems with pinning: On Fri, Nov 15, 2013 at 10:26 AM, Winfried Tilanus winfr...@tilanus.com wrote: On 14-11-13 18:47, Ralf Skyper Kaiser wrote: Then to the certificate pinning: It has two problems: - It is not very user friendly

Re: [jdev] https://github.com/stpeter/manifesto and additional ideas

2013-11-15 Thread Ralf Skyper Kaiser
Hi On Fri, Nov 15, 2013 at 10:26 AM, Winfried Tilanus winfr...@tilanus.com wrote: On 14-11-13 18:47, Ralf Skyper Kaiser wrote: Hi, d. How is the jabber server admin in control when everyone has to trust the master root key and all subsequent keys up to the sub domain of the jabber

Re: [jdev] manifesto DANE does not cut it

2013-11-15 Thread Ralf Skyper Kaiser
technical. On Fri, Nov 15, 2013 at 10:30 AM, Dave Cridland d...@cridland.net wrote: On Fri, Nov 15, 2013 at 9:30 AM, Ralf Skyper Kaiser sky...@thc.org wrote: No. The user has to trust ALL keys and not just the single ROOT KEY. The user has to trust: 1. The key was generated securely (enough bits

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Ralf Skyper Kaiser
DNSSEC and pinning does. And in fact pinning alone I've drawn up example scenarios over and over. On Mon, Nov 18, 2013 at 3:39 PM, Tony Finch d...@dotat.at wrote: Ralf Skyper Kaiser sky...@thc.org wrote: The user has to trust ALL keys and not just the single ROOT KEY. That's true

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Ralf Skyper Kaiser
cert-pinning in your manifesto. regards, Ralf On Mon, Nov 18, 2013 at 3:39 PM, Tony Finch d...@dotat.at wrote: Ralf Skyper Kaiser sky...@thc.org wrote: The user has to trust ALL keys and not just the single ROOT KEY. That's true, but the amount of trust you have to put in high-level

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Ralf Skyper Kaiser
Hi On Tue, Nov 19, 2013 at 12:26 PM, Ashley Ward ashley.w...@surevine.com wrote: On 19 Nov 2013, at 11:58, Ralf Skyper Kaiser sky...@thc.org wrote: This attack and vulnerability in the TLS authentication has been recognized by all major browser manufacturers. Pinning (on top of DNSSEC

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Ralf Skyper Kaiser
Hi, On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade th...@xnyhps.nl wrote: On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote: Hi On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si...@buddycloud.com wrote: Automatic key pinning works for SSH, because private keys

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Ralf Skyper Kaiser
On Tue, Nov 19, 2013 at 2:12 PM, Ashley Ward ashley.w...@surevine.com wrote: On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org wrote: Pinning does not require any protocol change in its simplest form. It can be done with just minor changes on the client side. Agreed - in its