On 6/09/13 20:15 PM, Daniel Veditz wrote:
On 9/6/2013 9:52 AM, Raphaël Jacquot wrote:
To meet today’s PCI DSS crypto standards DHE is not required.
PCI is about credit card fraud.
So was SSL ;-) Sorry, couldn't resist...
Mastercard/Visa aren't worried that
criminals are storing all your internet purchase transactions with the
hope they can crack it later; if the FBI/NSA want your CC number they
can get it by asking.
That's what the crims do to, they ask for all the numbers, they don't
bother much with SSL.
The cryptography mailing list