I thought the 3G (UMTS) cellphones at least were going to use reasonably good
crypto; don't know about the overall security architecture though.
Jaap-Henk
On Fri, 06 Jun 2003 14:30:04 -0400 Ian Grigg [EMAIL PROTECTED] writes:
John Kelsey wrote:
So, what can I do about it, as an individual?
James A. Donald writes:
Suppose the e-gold, to prevent this sea of spam trying to get
people to login to fake e-gold sites, wanted people to use
public keys instead of shared secrets, making your secret key
the instrument that controls the account instead of your shared
password.
They
--
On 6 Jun 2003 at 17:45, Anne Lynn Wheeler wrote:
??? public key registered in place of shared-secret?
NACHA debit trials using digitally signed transactions did it
with both software keys as well as hardware tokens.
http://internetcouncil.nacha.org/News/news.html in the above
scroll
Lucky Green [EMAIL PROTECTED] writes:
I trust that we can agree that the volume of traffic and number of
transactions protected by SSL are orders of magnitude higher than those
protected by SSH. As is the number of users of SSL. The overwhelming majority
of which wouldn't know ssh from telnet.
On Tue, 2003-06-03 at 07:04, Peter Gutmann wrote:
That's a red herring. It happens to use X.509 as its preferred bit-bagging
format for public keys, but that's about it. People use self-signed certs,
certs from unknown CAs [0], etc etc, and you don't need certs at all if you
don't need them,
At 11:38 AM 06/03/2003 -0400, Ian Grigg wrote:
I (arbitratrily) define the marketplace for SSL as browsing.
...
There, we can show statistics that indicate that SSL
has penetrated to something slightly less than 1% of servers.
For transmitting credit card numbers on web forms,
I'd be surprised if
On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote:
At 01:25 PM 6/3/03 -0700, Eric Blossom wrote:
...
I agree end-to-end encryption is worthwhile if it's available, but even
when someone's calling my cellphone from a normal landline phone, I'd like
it if at least the over-the-air
At 03:04 PM 6/3/2003 -0700, James A. Donald wrote:
I never figured out how to use a certificate to authenticate a
client to a web server, how to make a web form available to one
client and not another. Where do I start?
What I and everyone else does is use a shared secret, a
password stored on
Tim Dierks wrote:
At 09:11 AM 6/3/2003, Peter Gutmann wrote:
Lucky Green [EMAIL PROTECTED] writes:
Given that SSL use is orders of magnitude higher than that of SSH, with no
change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
your assertion that ssh, not SSL, is
Erik is right: there must be very strong motivation to consider using a
cryptographic mechanism/protocol which is not `standard` (de-facto
standards are Ok). When this motivation is supposedly improved security,
the new (supposedly more secure) primitive should preferably be composed
with a
Scott Guthery [EMAIL PROTECTED] writes:
When I drill down on the many pontifications made by computer
security and cryptography experts all I find is given wisdom. Maybe
the reason that folks roll their own is because as far as they can see
that's what everyone does. Roll your own then whip
Scott Guthery [EMAIL PROTECTED] writes:
Suppose. Just suppose. That you figured out a factoring
algorithm that was polynomial. What would you do? Would
you post it immediately to cypherpunks?Well, OK, maybe
you would but not everyone would. In fact some might
even imagine they could
]
| Subject: Re: Maybe It's Snake Oil All the Way Down
|
|
|
|There are a number of standard building blocks (3DES, AES, RSA, HMAC,
|SSL, S/MIME, etc.). While none of these building blocks are known
|to be secure ..
|
| So for the well-meaning naif
13 matches
Mail list logo