On Sun, Mar 16, 2008 at 10:57 PM, Michael Sierchio [EMAIL PROTECTED] wrote:
David Schwartz wrote:
If you can't trust the system that generates and stores your private key,
you're screwed anyway. So I don't see that this argument has any validity.
A timestamp is not an attribute of a
Kyle Hamilton wrote:
On Sun, Mar 16, 2008 at 10:44 PM, David Schwartz [EMAIL PROTECTED] wrote:
If you can't trust the system that generates and stores your private key,
you're screwed anyway. So I don't see that this argument has any validity.
The issue is 'who is trusting what?'
David's apparent statement is the person trusting the time is the
person generating the key.
Michael's apparent idea is if you're generating it and including it
in the key format, then you're making an assertion which must be
trustable by people other than the person generating the key.
David Schwartz wrote:
You have to have absolute trust in any entity that will generate or store your
private key. Thus you can trust any information in it -- anyone who could put
in bogus information could give away your key to strangers. (By absolute trust,
I mean with respect to anything
On Sun, Mar 16, 2008 at 11:27 PM, Michael Sierchio [EMAIL PROTECTED] wrote:
David Schwartz wrote:
You have to have absolute trust in any entity that will generate or store
your private key. Thus you can trust any information in it -- anyone who
could put in bogus information could give
Kyle Hamilton wrote:
A key's lifetime is, cryptographically speaking, the amount of time
for which it can be expected to provide a sane level of security in
relation to the value of the data which it protects.
Right, which is a matter of consensus best practice, we hope...
Of course,
Michael Sierchio wrote:
Anyway, in the case of RSA keypairs we don't manufacture them, we
discover them. They're already there, we just search for our p's and q's
in the appropriate range and rely on chance starting conditions to find
some not in use. I suggested, but not entirely in jest,
David Schwartz wrote:
... An attacker can start trying to break your key as soon as he has your public
key.
Issuance date of the cert suffices. It's still not an attribute of
the private key.
In any case, you may of course need to validate an old signature, and the
mechanics for that have been
Take me off this list please
Thank you
This is my business's mailbox, I didn't how much mail comes in
John Pawlicki
New York Technical Support
212-775-2690
[EMAIL PROTECTED]
Hi,
interesting thread.
I also think that secret and shared keys have attributes as
creation or validation date. One very important attribute I would
like to mention is the "is revoked" attribute. Of course
certificates also can be revoked, but this is something
different. Revoked certificates can
me too
On 3/17/08, Pawlicki, John (NY) [EMAIL PROTECTED] wrote:
Take me off this list please
Thank you
This is my business's mailbox, I didn't how much mail comes in
John Pawlicki
New York Technical Support
212-775-2690
[EMAIL PROTECTED]
Steffen Dettmer wrote:
You may argue, and get me to agree, that cert
reissue/resigning with the same SubjectPubkeyData is a bad
idea. Make 'em generate keypairs. Keep a list forever of
pubkeys seen in certs and reject any that appear in CSRs.
(CSR? Is this like a CRL or something
Apologies if this has managed to get to the list twice as I was
subscribing and not sure if it made it. Anyway:
This has probably been covered a lot but I can't find much to show for
it. I'm trying to build OpenSSL 0.9.8g for WM5 and have trouble. I've
built it for Pocket PC 2003 OK for WM5,
On Mon, Mar 17, 2008 at 12:14 AM, Michael Sierchio [EMAIL PROTECTED] wrote:
Kyle Hamilton wrote:
A key's lifetime is, cryptographically speaking, the amount of time
for which it can be expected to provide a sane level of security in
relation to the value of the data which it protects.
Hello,
I have to set up an SSL communication between a client and a server. I have
bought the OpenSSL book and I have downloaded the last OpenSSL release version.
I think the first thing to do is to set up my certification authority following
these steps:
Create an environment for my CA
Do you want to do it inline or not? If not I can send the commands.
EL HACHIMI Driss wrote:
Hello,
I have to set up an SSL communication between a client and a server. I
have bought the OpenSSL book and I have downloaded the last OpenSSL
release version.
I think the first thing to do is to
I'd like to do it with the commands
I'll do it with the commands
David Hostetter [EMAIL PROTECTED] wrote:
Do you want to do it inline or not? If not I can send the commands.
EL HACHIMI Driss wrote:
Hello,
I have to set up an SSL communication between a client and a server. I
have bought the OpenSSL book and I have
Dear Sekhar,
I checked for the PSK in the two files you listed in your last mail but
there is nothing on psk. Could you please give me reference to the OpenSSL
version that supports psk?
regards,
Charles
Kurapati Raja Sekhar wrote:
Yes, it is already implemented in OpenSSL.
Go to apps
Hi all,
I cannot check out code from a Subversion repository when a proprietary
application is turned on, and get an "SSL negotiation failed: Secure connection
truncated" error message. And as soon as I turned off this application, I can
successfully check out code.
If this is an OpenSSL issue and
On Monday 17 March 2008, navneet Upadhyay wrote:
me too
On 3/17/08, Pawlicki, John (NY) [EMAIL PROTECTED] wrote:
Take me off this list please
Thank you
This is my business's mailbox, I didn't how much mail comes in
John Pawlicki
New York Technical Support
212-775-2690
[EMAIL
Are you saying that the message shouldn't be sent to majordomo?
Here's the welcome message I got from majordomo:
*
Welcome to the openssl-users mailing list!
Please save this message for future reference. Thank you.
If you ever want to remove yourself from this mailing list,
you can send mail to
On Monday 17 March 2008, mikel paskual wrote:
Are you saying that the message shouldn't be sent to majordomo?
Sorry, fat fingers first thing in the morning . . . should have typed:
why don't you send a message to [EMAIL PROTECTED] . . .
Hope this helps
Here's the welcome message I got from
In my Linux application, previously I transferred a socket from a host
application to a spawned exec()'d application in a new process by passing
the socket handle on the command line. The child application would then
continue reading on the socket like normal. However, now I need to pass this
The vague idea I've gotten so far is that I need to somehow
transfer the SSL_SESSION to the new process. Examining the
output of SSL_SESSION_print_fp() I see that the session ID
and master key change every time SSL is initialized, so
simply reinitializing the SSL library in the new process