On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:
1) Creates a socket-like connection object
2) Allows configuration of the expected identity of the party at the other
end, and, optionally, parameters like acceptable cipher suite
3) Connects, returning error if the identity doesn't match.
From:
-- Security Alert Consensus --
Number 039 (03.39)
Thursday, October 2, 2003
Network Computing and the SANS Institute
Powered by Neohapsis
*** {03.39.004} Cross - OpenSSL ASN.1 parsing vulns
OpenSSL
Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
which are on my shelf. Where was it published?
R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM,
27:393-395, April 1984.
... it does look very much from the outside that there is an
informal Cryptographers Guild in place...
The Guild, such as it is, is a meritocracy; many previously unknown
people have joined it since I started watching it in about 1990.
The way to tell who's in the Guild is that they can break
[EMAIL PROTECTED] wrote:
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dave Howe
Peter Fairbrother may well be in possession of a break for the QC hard
problem - his last post stated there was a way to clone photons with
high accuracy in retention of their polarization
On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote:
Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
which are on my shelf. Where was it published?
R. L. Rivest and A. Shamir. How to expose an
eavesdropper. Communications of the ACM, 27:393-395, April 1984.
Ah.
This was just something that popped into my head a while back, and I was
wondering if this works like I think it does. And who came up with it
before me, because it's was too obvious. It's just that I've never heard of
something alone these lines before.
Basically, you share some secret with
- Original Message -
From: Tim Dierks [EMAIL PROTECTED]
I think it's a tautology: there's no such thing as MITM if there's no such
thing as identity. You're talking to the person you're talking to, and
that's all you know.
That seems to make sense. In anonymity providing systems
Merchants who *really* rely on their web site being
secure are those that take instructions for the
delivery of value over them. It's a given that they
have to work very hard to secure their websites, and
it is instructive to watch their efforts.
The cutting edge in making web sites secure is
Having been greatly encouraged by people on this list to go ahead with a
new SSL implementation, it looks like I am going to go for it, but I'd
kinda like to not make any enemies in the process so I'll try to keep
this list up to date with progress and decisions and stuff ... and I
will ask a
Jill Ramonsky [EMAIL PROTECTED] writes:
Now - SSL or TLS - this confuses me. From what I've read in Eric's
book, SSL version 3.0 or below is called SSL, wheras SSL version 3.1
or above is called TLS.
I wouldn't use quite that terminology. Noone talks about SSL version
3.1, but rather TLS 1.0.
Hi,
bear wrote:
starting with Rivest Shamir's Interlock Protocol from 1984.
Hmmm. I'll go read, and thanks for the pointer.
Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
which are on my shelf. Where was it published?
Communications of the ACM: Rivest and
Shamir, How to
Jack Lloyd [EMAIL PROTECTED] writes:
This was just something that popped into my head a while back, and I was
wondering if this works like I think it does. And who came up with it
before me, because it's was too obvious. It's just that I've never heard of
something alone these lines before.
Now a company called NetPay.TV - I have no idea about
them, really - have started a service that sends out
a 6 digit pin over the SMS messaging features of the
GSM network for the user to type in to the website [4].
Authentify (http://www.authentify.com), does the same kind of thing.
They put a
Hi --
bear wrote:
On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote:
R. L. Rivest and A. Shamir. How to expose an
eavesdropper. Communications of the ACM, 27:393-395, April 1984.
Ah. Interesting, I see. It's an interesting application of a
bit-commitment scheme.
Ok, so my other mail came far too
| Date: Fri, 3 Oct 2003 10:14:42 -0400
| From: Anton Stiglic [EMAIL PROTECTED]
| To: Cryptography list [EMAIL PROTECTED],
| Tim Dierks [EMAIL PROTECTED]
| Subject: Re: anonymous DH MITM
|
|
| - Original Message -
| From: Tim Dierks [EMAIL PROTECTED]
|
|
| I think it's a tautology:
On 10/03/2003 01:26 PM, R. A. Hettinga wrote:
It seems to me that perfect pseudonymity *is* anonymity.
They're not quite the same thing; see below.
Frankly, without the ability to monitor reputation, you don't have
ways of controlling things like transactions, for instance. It's just
that
In message [EMAIL PROTECTED], Benja Fallenstein writes:
Hi,
bear wrote:
starting with Rivest Shamir's Interlock Protocol from 1984.
Hmmm. I'll go read, and thanks for the pointer.
Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
which are on my shelf. Where was it
At 05:13 AM 10/3/2003 -0400, Jack Lloyd wrote:
This was just something that popped into my head a while back, and I was
wondering if this works like I think it does. And who came up with it
before me, because it's was too obvious. It's just that I've never heard of
something alone these lines
- Original Message -
From: Jerrold Leichter [EMAIL PROTECTED]
[...]
| I think it's a tautology: there's no such thing as MITM if there's no
such
| thing as identity. You're talking to the person you're talking to, and
| that's all you know.
|
| That seems to make sense
No;
Arnold G. Reinhold wrote:
At 11:50 PM -0400 10/1/03, Ian Grigg wrote:
...
A threat must occur sufficiently in real use, and incur
sufficient costs in excess of protecting against it, in
order to be included in the threat model on its merits.
I think that is an excellent summation of
At 2:32 PM -0400 10/3/03, John S. Denker wrote:
-- anonymous (no handle all)
If they don't know who I am, I'm anonymous, whether I use a pseudonym or not.
However, the more perfect the pseudonym is, the more secure it is, the more
anonymous I am.
All of the anonymous payment protocols I
| From: Anton Stiglic [EMAIL PROTECTED]
| From: Jerrold Leichter [EMAIL PROTECTED]
| No; it's false. If Alice and Bob can create a secure channel between
| themselves, it's reasonable to say that they are protected from MITM
| attacks if they can be sure that no third party can read their
On Thu, Oct 02, 2003 at 03:34:35PM -0700, John Gilmore wrote:
... it does look very much from the outside that there is an
informal Cryptographers Guild in place...
The Guild, such as it is, is a meritocracy; many previously unknown
people have joined it since I started watching it in
Ah, the joys of diversity. Implementations
of all your favorite protocols in all your
favorite programming languages by all your
favorite programmers in all your favorite
countries on all your favorite operating
systems for all your favorite chips.
Continuous debugging certainly is the path
On Fri, Oct 03, 2003 at 04:31:26PM -0400, Tyler Close wrote:
On Thursday 02 October 2003 09:21, Jill Ramonsky wrote:
I was thinking of doing a C++ implentation with classes and
templates and stuff. (By contrast OpenSSL is a C
implementation). Anyone got any thoughts on that?
Given the
| Date: Fri, 03 Oct 2003 17:27:36 -0400
| From: Tim Dierks [EMAIL PROTECTED]
| To: Jerrold Leichter [EMAIL PROTECTED]
| Cc: Cryptography list [EMAIL PROTECTED]
| Subject: Re: anonymous DH MITM
|
| At 03:28 PM 10/3/2003, Jerrold Leichter wrote:
| From: Tim Dierks [EMAIL PROTECTED]
| | No; it's
27 matches
Mail list logo