-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Peter Saint-Andre
Sent: Wednesday, August 24, 2005 4:56 PM
To: cryptography@metzdowd.com
Subject: Re: Another entry in the internet security hall of shame
Tim Dierks wrote:
[resending due to
* R. A. Hettinga quotes:
Today RSA is perhaps best known for staging a prestigious annual security
conference and for selling 20 million little devices that display a
six-digit code computer users must type to gain access to computer
networks. The code, which changes every minute as
On 8/25/05, Trei, Peter [EMAIL PROTECTED] wrote:
Self-signed certs are only useful for showing that a given
set of messages are from the same source - they don't provide
any trustworthy information as to the binding of that source
to anything.
Which is just fine. Pseudonymity is good.
If,
At 9:42 AM -0400 8/25/05, Trei, Peter wrote:
Self-signed certs are only useful for showing that a given
set of messages are from the same source - they don't provide
any trustworthy information as to the binding of that source
to anything.
Oddly enough, the same could be said for a hierarchically
Trei, Peter wrote:
Ironically, Peter's message above kicked off warning
dialogs from MS Outlook, since it was signed using a keypair
signed with Peter's own self-signed root, which was not in
MSO's list of trusted roots.
You may trust CAcert's root more or less than a root that is trusted by
Trei, Peter wrote:
Self-signed certs are only useful for showing that a given
set of messages are from the same source - they don't provide
any trustworthy information as to the binding of that source
to anything.
Perfectly acceptable over chat, no? That is,
who else would you ask to confirm
Tim Dierks wrote:
[resending due to e-mail address / cryptography list membership issue]
On 8/24/05, Ian G [EMAIL PROTECTED] wrote:
Once you've configured iChat to connect to the Google Talk service, you may
receive a warning message that states your username and password will be
transferred
Ian G [EMAIL PROTECTED] writes:
Trei, Peter wrote:
Self-signed certs are only useful for showing that a given
set of messages are from the same source - they don't provide
any trustworthy information as to the binding of that source
to anything.
Perfectly acceptable over chat, no? That