RFC 5349
September 2008
This document describes the use of Elliptic Curve certificates,
Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman
(ECDH) key agreement within the framework of PKINIT -- the Kerberos
Version 5 extension that provides for the use of public key
cryptography
"James A. Donald" <[EMAIL PROTECTED]> writes:
> If the user is used to logging in by a user interface that is not easy
> to forge remotely - click on bookmark to bring up a user interface
> that is difficult to remotely forge - then this does indeed work.
It might have been secure enough back in
On Mon, Sep 22, 2008 at 08:59:25PM -1000, James A. Donald wrote:
> The major obstacle is that the government would want a strong binding
> between sim cards and true names, which is no more practical than a
> strong binding between physical keys and true names.
I've a hard time believing that th
Peter Gutmann wrote:
The problem is that the default has always been to be insecure, and there's no
effective way to get people to move to the secure non-default, or at least
none that isn't relatively easily circumvented by a bit of creative thinking
and/or social engineering.
If the user is
A cheap USB camera would make a good source.
The cheaper the better, too. Pull a frame off,
hash it, and it's got entropy, even against a
white background. No lava lamp needed.
I sort of agree, but I feel cautious about recommending that people
use their holiday snaps. And then post them on lin
Leichter, Jerry wrote:
The problem is what that "something else" should be. Keyfobs with
one-time passwords are a good solution from the pure security point
of view, but (a) people find them annoying; (b) when used with
existing input mechanisms, as they pretty much universally are, are
subject
"Leichter, Jerry" <[EMAIL PROTECTED]> writes:
>The situation today is (a) the decreasing usefulness of passwords - those
>anyone has a chance of remembering are just too guessable in the face of the
>kinds of massive intelligent brute force that's possible today and (b) the
>inherently insecure pass
Inspired by Ian Grigg's comment (in the subject line) and various remarks made
in a recent thread, I had a look at the Verisign 1.0 CPS from 1996 and the
very latest Verisign CPS from June 2008, twelve years later. Here are the
authentication requirements for businesses. One is from the 1.0 CPS, wh
"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>[EMAIL PROTECTED] (Peter Gutmann) wrote:
>> - Use TLS-PSK, which performs mutual auth of client and server
>> without ever communicating the password. This vastly complicates
>> phishing since the phisher has to prove advance knowledge of your
>> c
I was browsing through the Windows download centre for reasons not relevant
here and came across KB955417, dated 22 August 2008:
Install this update to resolve an issue in which protected storage (PStore)
uses a lower quality cryptographic function when the system locale is set to
French (Fr