At Mon, 1 Sep 2008 21:56:52 +0100,
Ben Laurie wrote:
>
> On Mon, Sep 1, 2008 at 9:49 PM, Eric Rescorla <[EMAIL PROTECTED]> wrote:
> > At Mon, 1 Sep 2008 21:00:55 +0100,
> > Ben Laurie wrote:
> >> The core issue is that HTTPS is used to establish end-to-end security,
> >> meaning, in particular, au
On Mon, Sep 1, 2008 at 9:49 PM, Eric Rescorla <[EMAIL PROTECTED]> wrote:
> At Mon, 1 Sep 2008 21:00:55 +0100,
> Ben Laurie wrote:
>> The core issue is that HTTPS is used to establish end-to-end security,
>> meaning, in particular, authentication and secrecy. If the MitM can
>> disable the upgrade t
At Mon, 1 Sep 2008 21:00:55 +0100,
Ben Laurie wrote:
> The core issue is that HTTPS is used to establish end-to-end security,
> meaning, in particular, authentication and secrecy. If the MitM can
> disable the upgrade to HTTPS then he defeats this aim. The fact that
> the server declines to serve a
How difficult is it to compute discrete logarithms modulo a 512-bit
prime p of the form 2*q+1, q prime? I have had no luck finding recent
DL results, as it seems factoring is the preferred
benchmark/target. The DL algorithms seem to be have roughly the same
runtimes as factoring, but this is only
[Adding the cryptography list, since this seems of interest]
On Wed, Aug 27, 2008 at 8:58 PM, Story Henry <[EMAIL PROTECTED]> wrote:
> Apparently rfc2817 allows an http url tp be used for https security.
>
> Given that Apache seems to have that implemented [1] and that the
> openid url is mostly u
Several people have sent in a link to a New York Times story on ACH fraud:
http://www.nytimes.com/2008/08/30/business/yourmoney/30theft.html
Perry
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing