> -Original Message-
> From: owner-cryptogra...@metzdowd.com [mailto:owner-
> cryptogra...@metzdowd.com] On Behalf Of Perry E. Metzger
> Sent: Friday, October 08, 2010 3:28 PM
> To: cryptography@metzdowd.com
> Subject: Disk encryption advice...
>
> I have a client with the following pro
>Ann & Lynn Wheeler wrote:
> the original requirement for SSL deployment was that it was on from the
> original URL entered by the user. The drop-back to using SSL for only small
> subset ... was based on computational load caused by SSL cryptography in
> the online merchant scenario, it cut
> Jeff Simmons wrote:
> It wouldn't surprise me if there's been some blowback from the adoption of
> PCI-DSS (Payment Card Industry Data Security Standards). As someone who
> has
> had to help several small to medium size businesses comply with these
> 'voluntary' standards, the irony of the fact
>Jon Callas wrote:
>
> Possibly it's related to PCI DSS and other work that BITS has been doing.
>
>
> Another possibility is... the risk managers
> know that the last thing they need is a security brouhaha while they are
> partially owned by government and thus voters.
>
> I bet on synergies b
On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann
wrote:
> As part of a thread on another list, I noticed that Bank of America,
> who until recently didn't bother protecting the page where users are
> expected to enter their credentials with anything more substantial
> than a GIF of a padlock,
