RE: Another entry in the internet security hall of shame....

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter Saint-Andre Sent: Wednesday, August 24, 2005 4:56 PM To: cryptography@metzdowd.com Subject: Re: Another entry in the internet security hall of shame Tim Dierks wrote: [resending due to

Re: [Clips] RSA Security Sees Hope in Online Fraud

* R. A. Hettinga quotes: Today RSA is perhaps best known for staging a prestigious annual security conference and for selling 20 million little devices that display a six-digit code computer users must type to gain access to computer networks. The code, which changes every minute as

Re: Another entry in the internet security hall of shame....

On 8/25/05, Trei, Peter [EMAIL PROTECTED] wrote: Self-signed certs are only useful for showing that a given set of messages are from the same source - they don't provide any trustworthy information as to the binding of that source to anything. Which is just fine. Pseudonymity is good. If,

RE: Another entry in the internet security hall of shame....

At 9:42 AM -0400 8/25/05, Trei, Peter wrote: Self-signed certs are only useful for showing that a given set of messages are from the same source - they don't provide any trustworthy information as to the binding of that source to anything. Oddly enough, the same could be said for a hierarchically

Re: Another entry in the internet security hall of shame....

Trei, Peter wrote: Ironically, Peter's message above kicked off warning dialogs from MS Outlook, since it was signed using a keypair signed with Peter's own self-signed root, which was not in MSO's list of trusted roots. You may trust CAcert's root more or less than a root that is trusted by

Re: Another entry in the internet security hall of shame....

Trei, Peter wrote: Self-signed certs are only useful for showing that a given set of messages are from the same source - they don't provide any trustworthy information as to the binding of that source to anything. Perfectly acceptable over chat, no? That is, who else would you ask to confirm

Re: Another entry in the internet security hall of shame....

Tim Dierks wrote: [resending due to e-mail address / cryptography list membership issue] On 8/24/05, Ian G [EMAIL PROTECTED] wrote: Once you've configured iChat to connect to the Google Talk service, you may receive a warning message that states your username and password will be transferred

Re: Another entry in the internet security hall of shame....

Ian G [EMAIL PROTECTED] writes: Trei, Peter wrote: Self-signed certs are only useful for showing that a given set of messages are from the same source - they don't provide any trustworthy information as to the binding of that source to anything. Perfectly acceptable over chat, no? That