Re: Has there been a change in US banking regulations recently?

2010-08-17 Thread James A. Donald
On 2010-08-15 7:59 AM, Thor Lancelot Simon wrote: Indeed. The way forward would seem to be ECC, but show me a load balancer or even a dedicated SSL offload device which supports ECC. For sufficiently strong security, ECC beats factoring, but how strong is sufficiently strong? Do you have any

Re: Has there been a change in US banking regulations recently?

2010-08-17 Thread Steven Bellovin
On Aug 16, 2010, at 9:19:49 PM, John Gilmore wrote: >> who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks? > > "Enemy"? We don't have to be the enemy for someone to crack our > security. We merely have to be in the way of something they want; > or to be a convenient tool or fo

Re: Has there been a change in US banking regulations recently?

2010-08-17 Thread John Gilmore
> who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks? "Enemy"? We don't have to be the enemy for someone to crack our security. We merely have to be in the way of something they want; or to be a convenient tool or foil in executing a strategy. Given the prevalence of Chinese c

Re: Has there been a change in US banking regulations recently?

2010-08-16 Thread Steven Bellovin
On Aug 15, 2010, at 1:17:30 PM, Peter Gutmann wrote: > Ray Dillinger writes: >> On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote: >> >>> The big drawback is that those who want to follow NIST's recommendations >>> to migrate to 2048-bit keys will be returning to the 2005-er

Re: Has there been a change in US banking regulations recently?

2010-08-16 Thread Nicolas Williams
On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote: > There are some possibilities, my co-workers and I have discussed. For > purely internal systems TLS-PSK (RFC 4279) provides symmetric > encryption through pre-shared keys which provides us with whitelisting > as well a

RE: Has there been a change in US banking regulations recently?

2010-08-15 Thread Peter Gutmann
Ray Dillinger writes: >On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote: > >> The big drawback is that those who want to follow NIST's recommendations >> to migrate to 2048-bit keys will be returning to the 2005-era overhead. >> Either way, that's back in line with the above

RE: Has there been a change in US banking regulations recently?

2010-08-15 Thread Ray Dillinger
On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote: > Moore's law helped immensely here. In the last 5 years systems have gotten > about 8 times faster, reducing the processing cost of crypto a lot. > The big drawback is that those who want to follow NIST's recommendations

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Thor Lancelot Simon
On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote: > > The big drawback is that those who want to follow NIST's > recommendations to migrate to 2048-bit keys will be returning to > the 2005-era overhead. Dan Kaminsky provided some benchmarks in a > different thread on t
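The messages above (Lengvenis, Dillinger, Gutmann, Simon) argue about how much slower a 2048-bit RSA key is than a 1024-bit one and whether the "2005-era overhead" claim holds. The following is an added example, not code posted by anyone in the thread, that makes the cost model concrete. It times the private-key modular exponentiation in pure Python and compares it with the textbook cube-law prediction, then shows why TLS stacks use the CRT form of the private operation. It assumes only CPython's built-in big-integer pow(); the moduli it builds are random odd numbers, not real RSA keys, which is fine because the cost of pow(c, d, n) depends on operand sizes, not on whether n has a secret factorisation. Absolute timings are meaningless (a C implementation is orders of magnitude faster); only the ratios matter.

```python
"""Cost model for the RSA private-key operation at 1024 vs 2048 bits.

Added example, not from the mailing-list thread. Assumptions:
  * pure CPython integer arithmetic (schoolbook multiplication at these
    sizes), so the 1024 -> 2048 ratio should land near the cube-law 8x;
  * the "keys" are random odd numbers of the right size, not primes, which
    does not change the cost of the exponentiation being measured.
"""
import math
import random
import time


def make_modexp_instance(bits, seed=1):
    """Deterministic (modulus, exponent, base) triple of the given size.

    n is odd with exactly `bits` bits, d is a full-length odd exponent like a
    real RSA private exponent, c is a ciphertext-sized base below n.
    """
    rng = random.Random(seed)
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    d = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    c = rng.randrange(2, n)
    return n, d, c


def make_crt_instance(bits, seed=2):
    """Two half-size odd cofactors p, q with gcd 1, plus d and c.

    Real RSA needs p and q prime; here they only need to be coprime so that
    the CRT recombination step below is well defined.
    """
    rng = random.Random(seed)
    half = bits // 2
    while True:
        p = rng.getrandbits(half) | (1 << (half - 1)) | 1
        q = rng.getrandbits(half) | (1 << (half - 1)) | 1
        if math.gcd(p, q) == 1:
            break
    n = p * q
    d = rng.getrandbits(bits) | 1
    c = rng.randrange(2, n)
    return p, q, d, c


def _best_of(fn, repeats):
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        fn()
        best = min(best, time.perf_counter() - t0)
    return best


def time_private_op(bits, repeats=5):
    """Best-of-N seconds for one textbook private op: c^d mod n."""
    n, d, c = make_modexp_instance(bits)
    return _best_of(lambda: pow(c, d, n), repeats)


def time_private_op_crt(bits, repeats=5):
    """Best-of-N seconds for the same-sized op done the way OpenSSL does it.

    Two half-size exponentiations (each about 1/8 the cost of the full one)
    plus a cheap Garner recombination, so roughly a 4x saving. This is why
    the 'private key operation' benchmark in server software is much faster
    than a naive pow() of the same key size.
    """
    p, q, d, c = make_crt_instance(bits)
    dp, dq = d % (p - 1), d % (q - 1)
    qinv = pow(q, -1, p)  # exists because gcd(p, q) == 1

    def op():
        m1 = pow(c % p, dp, p)
        m2 = pow(c % q, dq, q)
        h = (qinv * (m1 - m2)) % p
        return m2 + h * q

    return _best_of(op, repeats)


def predicted_slowdown(from_bits, to_bits):
    """Cube law: the exponent is twice as long and each multiply is 4x."""
    return (to_bits / from_bits) ** 3


def measured_slowdown(from_bits=1024, to_bits=2048):
    """Measured cost ratio of the textbook private op between two key sizes."""
    return time_private_op(to_bits) / time_private_op(from_bits)


def crt_speedup(bits=2048):
    """How much the CRT form saves at a fixed key size (about 4x expected)."""
    return time_private_op(bits) / time_private_op_crt(bits)


if __name__ == "__main__":
    print("predicted 1024->2048 slowdown:", predicted_slowdown(1024, 2048))
    print("measured  1024->2048 slowdown: %.1fx" % measured_slowdown())
    print("CRT speedup at 2048 bits:      %.1fx" % crt_speedup())
```

Read together with the thread's Moore's-law point: if a private operation at 2048 bits costs about eight times one at 1024 bits, then hardware that got about eight times faster over the same period puts a site that doubles its key length back to roughly the per-handshake CPU cost it had before, which is exactly the "2005-era overhead" being argued about. Session resumption and the CRT form are what keep that cost from being paid on every connection.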

RE: Has there been a change in US banking regulations recently?

2010-08-14 Thread eric.lengvenis
>Ann & Lynn Wheeler wrote: > the original requirement for SSL deployment was that it was on from the > original URL entered by the user. The drop-back to using SSL for only small > subset ... was based on computational load caused by SSL cryptography in > the online merchant scenario, it cut

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread The Fungi
On Fri, Aug 13, 2010 at 09:32:57AM -0700, Jeff Simmons wrote: > It wouldn't surprise me if there's been some blowback from the > adoption of PCI-DSS (Payment Card Industry Data Security > Standards). As someone who has had to help several small to medium > size businesses comply with these 'volunta

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Anne & Lynn Wheeler
On 08/13/2010 03:16 PM, Chris Palmer wrote: When was this *ever* true? Seriously. re: http://www.garlic.com/~lynn/2010m.html#50 ... original design/implementation. The very first commerce server implementation by the small client/server startup (that had also invented "SSL") ... was mall para

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Jeff Simmons
On Friday 13 August 2010 11:33, eric.lengve...@wellsfargo.com wrote: > I'd like to clarify a bit. PCI-DSS wasn't developed by the big banks. It > isn't usually enforced by big banks except insofar as they are liable for > PCI-DSS compliance when outsourcing to or partnering with other companies. >

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Chris Palmer
Anne & Lynn Wheeler writes: > subset ... was based on computational load caused by SSL cryptography > in the online merchant scenario, it cut thruput by 90-95%; alternative to > handle the online merchant scenario for total user interaction would have > required increasing the number of serve

Re: Has there been a change in US banking regulations recently?

2010-08-13 Thread Anne & Lynn Wheeler
On 08/13/2010 02:12 PM, Jon Callas wrote: What on earth happened? Was there a change in banking regulations in the last few months? Possibly it's related to PCI DSS and other work that BITS has been doing. Also, if one major player cleans up their act and sings about how cool they are, then

RE: Has there been a change in US banking regulations recently?

2010-08-13 Thread eric.lengvenis
> Jeff Simmons wrote: > It wouldn't surprise me if there's been some blowback from the adoption of > PCI-DSS (Payment Card Industry Data Security Standards). As someone who > has > had to help several small to medium size businesses comply with these > 'voluntary' standards, the irony of the fact

RE: Has there been a change in US banking regulations recently?

2010-08-13 Thread eric.lengvenis
>Jon Callas wrote: > > Possibly it's related to PCI DSS and other work that BITS has been doing. > > > Another possibility is... the risk managers > know that the last thing they need is a security brouhaha while they are > partially owned by government and thus voters. > > I bet on synergies b

Re: Has there been a change in US banking regulations recently?

2010-08-13 Thread Jon Callas
> What on earth happened? Was there a change in banking regulations in the last > few months? Possibly it's related to PCI DSS and other work that BITS has been doing. Also, if one major player cleans up their act and sings about how cool they are, then that can cause the ice to break. Another

Re: Has there been a change in US banking regulations recently?

2010-08-13 Thread John Levine
>What on earth happened? Was there a change in banking regulations in >the last few months? No, but we know that banks move in herds, and they mostly talk to each other, not anyone with outside expertise. More likely someone noticed that computers are a lot faster than they were a decade ago, yo

Re: Has there been a change in US banking regulations recently?

2010-08-13 Thread Jeff Simmons
On Friday 13 August 2010 04:59, Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of America, who > until recently didn't bother protecting the page where users are expected > to enter their credentials with anything more substantial than a GIF of a > padlock, now fina

RE: Has there been a change in US banking regulations recently?

2010-08-13 Thread eric.lengvenis
On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of America, > who until recently didn't bother protecting the page where users are > expected to enter their credentials with anything more substantial > than a GIF of a padlock,

Re: Has there been a change in US banking regulations recently?

2010-08-13 Thread Perry E. Metzger
On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of > America, who until recently didn't bother protecting the page where > users are expected to enter their credentials with anything more > substantial than a GIF of a padlock, now