Lance Cottrell <loki obscura.com> > I like to avoid asking users to think too much.
> It would be ideal if there were some kind of timer or something, so it = > could get widely deployed before starting to be used. stage 1 We have to start with agreement on the change in key size. Can everybody on these lists test and examine the new s/w and either agree to use it in all mixmaster remailer installations or else state their objections here? By end November? (If anyone runs a remailer on Windows I'd be interested in the result of testing there as I haven't done any.) stage 2 Remailers upgrade the s/w but do not publish large keys yet. Then distribute the new s/w - from every site we can manage that currently has mixmaster s/w for download. And run a publicity campaign saying people need the new s/w ready for an upgrade in key size coming soon. Because of the anonymous user base this has to be a broadcast on mailing lists, newsgroups, blogs and forums. Publicity will include the error message shown by old s/w used with large keys so that anyone who misses the upgrade and googles the error message will catch on. (Throughout December?) Up to this point there's been no change in the formatting/crypto behaviour outside of testing because no large keys are in use. stage 3 At an agreed time all remailers generate 4096-bit keys and all the places publishing keys make sure to distribute them. Expiry of all 1024-bit keys follows. One week after new year? ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Mixmaster-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mixmaster-devel
