ADMIN: quick note about the list

2008-06-05 Thread Perry E. Metzger
A quick note from your moderator: A few people have asked about this recently so I thought I'd explain. The list server blocks posts from people who are not list subscribers. This is done at the incoming SMTP server, during the SMTP dialog, based on envelope sender. I do things this way because

ADMIN: list downtime

2008-06-05 Thread Perry E. Metzger
The list will be experiencing some delays later today while the server managing it gets some needed maintenance. It should be down for a few hours at most. Perry - The Cryptography Mailing List Unsubscribe by sending "unsubscrib

Re: the joy of "enhanced" certs

2008-06-05 Thread Stefan Kelm
There's a nice short paper by Swiss Company keyon entitled "Faking EV SSL in IE7": Cheers, Stefan. - Secur

Re: the joy of "enhanced" certs

2008-06-05 Thread Peter Gutmann
"Perry E. Metzger" <[EMAIL PROTECTED]> writes: >An object lesson in this just fell in my lap -- I just got my first email >from a spammer that links to a web site that uses such a cert, certified by a >CA I've never heard of ("Starfield Technologies, Inc.") Doubtless they sell >discount "Enhanced

Re: the joy of "enhanced" certs

2008-06-05 Thread John Levine
>An object lesson in this just fell in my lap -- I just got my first >email from a spammer that links to a web site that uses such a cert, >certified by a CA I've never heard of ("Starfield Technologies, Inc.") Oh, you've heard of them, just not under that name. It's GoDaddy. The green bar certs

Re: the joy of "enhanced" certs

2008-06-05 Thread Chris Kuethe
On Wed, Jun 4, 2008 at 12:51 PM, Perry E. Metzger <[EMAIL PROTECTED]> wrote: > An object lesson in this just fell in my lap -- I just got my first > email from a spammer that links to a web site that uses such a cert, > certified by a CA I've never heard of ("Starfield Technologies, Inc.") starfie

Re: the joy of "enhanced" certs

2008-06-05 Thread Allen
Perry E. Metzger wrote: [snip] I'm thinking of starting a CA that sells "super duper enhanced security" certs, where we make the company being certified sign a document in which they promise that they're absolutely trustworthy. To be really sure, we'll make them fax said document in on genuine

Re: the joy of "enhanced" certs

2008-06-05 Thread Leichter, Jerry
On Wed, 4 Jun 2008, Perry E. Metzger wrote: | As some of you know, one can now buy "Enhanced Security" certificates, | and Firefox and other browsers will show the URL box at the top with a | special distinctive color when such a cert is in use. | | Many of us have long contended that such things

Re: Code makers and breakers of WWII era

2008-06-05 Thread Ali, Saqib
Actually the correct URL is: http://www.sscnet.ucla.edu/geog/gessler/collections/cryptology.htm On Wed, Jun 4, 2008 at 1:59 PM, Ali, Saqib <[EMAIL PROTECTED]> wrote: > Here is another site that has a lot more details and photographs: > http://www.sscnet.ucla.edu/geog/gessler/collections/crypto-heb

Re: Code makers and breakers of WWII era

2008-06-05 Thread Ali, Saqib
Here is another site that has a lot more details and photographs: http://www.sscnet.ucla.edu/geog/gessler/collections/crypto-hebern.htm saqib http://doctrina.wordpress.com/ - The Cryptography Mailing List Unsubscribe by sending "