* Ed Gerck [EMAIL PROTECTED] [2006-02-25 13:11 -0800]:
Finally, the properties of MY public-key will directly affect the
confidentiality
properties of YOUR envelope. For example, if (on purpose or by force) my
public-key
enables a covert channel (eg, weak key, key escrow, shared private
On Sat, Feb 25, 2006 at 07:33:38PM +0100, Ian G wrote:
areas. The fact is that SSH came in with a solution
and beat the other guy - Telnet secured over SSL. It
wasn't the crypto that did this, it was the key management,
plain and simple.
Very few people I knew at the time moved to SSH
Travis H. [EMAIL PROTECTED] writes:
On 2/24/06, Alex Pankratov [EMAIL PROTECTED] wrote:
Tero Kivinen wrote:
Secondly I cannot find where it
authenticates the crypto suite used at all (it is not included in the
signature of the AUTH message).
Crypto suite is essentially just a protocol
Ed Gerck wrote:
Ben Laurie wrote:
I totally don't buy this distinction - in order to write to you with
postal mail, I first have to ask you for your address.
We all agree that having to use name and address are NOT the problem,
for email or postal mail. Both can also deliver a letter just
At 05:12 PM 2/26/2006 +, Ben Laurie wrote:
Alex Alten wrote:
At 02:59 PM 2/24/2006 +, Ben Laurie wrote:
Ed Gerck wrote: We have keyservers for this (my chosen technology
was PGP). If you liken their use to looking up an address in an
address book, this isn't hard for users to grasp.
Alex Alten [EMAIL PROTECTED] writes:
What I really hated about it was that when [EMAIL PROTECTED] sent me an email
often I couldn't decrypt it. Why? Because his firm's email server decided
to put in the FROM field [EMAIL PROTECTED]. Since it didn't match
the email name in his X.509
Florian Weimer wrote:
* Ben Laurie:
I don't use PGP - for email encryption I use enigmail, and getting
missing keys is as hard as pressing the get missing keys button.
A step which has really profound privacy implications.
I couldn't find a PGP key server operator that committed itself
Alex Alten wrote:
At 05:12 PM 2/26/2006 +, Ben Laurie wrote:
Alex Alten wrote:
At 02:59 PM 2/24/2006 +, Ben Laurie wrote:
Ed Gerck wrote: We have keyservers for this (my chosen
technology was PGP). If you liken their use to looking up an
address in an address book, this isn't hard
On Sat, Feb 25, 2006 at 07:33:38PM +0100, Ian G wrote:
Hence, IM/chat, Skype, TLS experiments at Jabber, as
well as the OpenPGP attempts.
There are important lessons to be learnt in the rise of
IM over email.
Likewise the rise of the telephone over paper mail, but the phone does
not
DHS: Sony rootkit may lead to regulation U.S. officials aim to avoid future
security threats caused by copy protection software
News Story by Robert McMillan
FEBRUARY 16, 2006 (IDG NEWS SERVICE) - A U.S. Department of Homeland
Security
official warned today that if software distributors
bear wrote:
On Fri, 24 Feb 2006, Peter Saint-Andre wrote:
Personally I doubt that anything other than a small percentage of email
will ever be signed, let alone encrypted (heck, most people on this list
don't even sign their mail).
I don't think I've said anything here that I will
Answer: Use google.
http://johnny.ihackstuff.com/index.php?module=prodreviewsfunc=showcontentid=246
yields just under *four thousand* OpenSSL private key files. Admittedly some
of these are test keys, but it looks like many of them aren't.
(I doubt this is restricted to OpenSSL. If there was
I have to chime in on a number of points. I'll try to keep commercial
plugs to a minimum.
* An awful lot of this discussion is some combination of outdated and
true but irrelevant. For example, it is true that usability of all
computers is not what it could be. But a lot of what has
13 matches
Mail list logo