(See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/
Feds put heat on Web firms for master encryption keys
Whether the FBI and NSA have the legal authority to obtain the master keys
that
On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
(See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
Would Convergence help here? I can't see how. If a government
secretly aquired the SSL private keys for a site, and the site
continued using them, then no convergence notary
On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
(See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
Would Convergence help here? I can't see how. If a government
secretly aquired the SSL private keys for a site, and
On Thu, Jul 25 2013, Eugen Leitl wrote:
On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
(See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
Would Convergence help here? I can't see how. If a government
secretly
This article details deploying forward secrecy.
https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy
On Thu, Jul 25, 2013 at 5:54 AM, Tom Ritter t...@ritter.vg wrote:
On 25 July 2013 06:41, Ben Laurie b...@links.org wrote:
What helps here is perfect
On Thu, Jul 25, 2013 at 3:41 AM, Ben Laurie b...@links.org wrote:
On 25 July 2013 11:22, Nick liberationt...@njw.me.uk wrote:
On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
(See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
Would Convergence help here? I can't see
On Thu, Jul 25, 2013 at 12:41 PM, Ben Laurie b...@links.org wrote:
On 25 July 2013 11:22, Nick liberationt...@njw.me.uk wrote:
On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
(See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
Would Convergence help here? I can't see
On Thu, Jul 25, 2013 at 04:41:43AM -0700, Owen Barton wrote:
If a government
secretly aquired the SSL private keys for a site, and the site
continued using them, then no convergence notary would know any
cause not to vouch for the key.
What helps here is perfect forward secrecy.
Google also declined to disclose whether it had received requests
for encryption keys. But a spokesperson said the company has never
handed over keys to the government,
Surely they have provided hard disk images containing key material to
aid government investigations related to themselves or
The reason why Twitter, Google, and other companies went to RC4 is because
of issues with AES. The CBC and known IV attacks permitted BEAST to occur.
RC4 was the safest way out.
Even then, RC4 can be broken. In short, no one on the Internet is running
SSL in a way that cannot be broken. Although,
On Thu, Jul 25, 2013 at 12:05 PM, Andy Isaacson a...@hexapodia.org wrote:
On Thu, Jul 25, 2013 at 04:41:43AM -0700, Owen Barton wrote:
If a government
secretly aquired the SSL private keys for a site, and the site
continued using them, then no convergence notary would know any
* John Adams:
The reason why Twitter, Google, and other companies went to RC4 is because
of issues with AES. The CBC and known IV attacks permitted BEAST to occur.
RC4 was the safest way out.
Anyone who has switched to RC4 because of BEAST should seek better
cryptographic advice. Seriously.
12 matches
Mail list logo
