On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote:
> Regarding the usefulness of SSLbar itself, its immediate purpose was
> fingerprint display, as a (theoretically) easy means of checking a cert's
> validity yourself, rather than relying on a third party signing. That list
> of "offic
Ian Grigg wrote:
Tying the certificate into the core crypto protocol seems to be a
poor design choice; outsourcing any certification to a higher layer
seems to work much better out in the field.
I'll reserve judgement about the significance of SSLBar, but I couldn't
agree more with the above poin
also sprach Arnold G. Reinhold <[EMAIL PROTECTED]> [2003.06.29.0424 +0200]:
> >I am not sure I understand. How does this relate to my question?
> >
> >Where does the other factor come from?
>
> I got the impression, and maybe I misunderstood, that you were
> viewing a product of two primes aA, wh
Once upon a time, bear sent Kevin a note that said...
I think that the problem would be somewhat ameliorated if there
were a DNS cache on the laptop itself. It would still use DNS
servers, but if it got a different IP number for the same address,
it should notify someone.
Win2k and WinXP have a c
"Steven M. Bellovin" wrote:
>
> In message <[EMAIL PROTECTED]>, Simon Josefsson writes:
> >Of course, everything fails if you ALSO get your DNSSEC root key from
> >the DHCP server, but in this case you shouldn't expect to be secure.
> >I wouldn't be surprised if some people suggest pushing the DNS
DIMACS Tutorial on Computer Security
August 4 - 7, 2003
DIMACS Center, CoRE Building, Rutgers University
Organizer:
Rebecca Wright
Stevens Institute of Technology
[EMAIL PROTECTED]
Presented under the auspices of the Special Focus on Communication
Security and Information Pr
On Mon, 30 Jun 2003, Simon Josefsson wrote:
>Bill Stewart <[EMAIL PROTECTED]> writes:
>
>>>* Your laptop see and uses the name "yahoo.com.attackersdomain.com".
>>> You may be able to verify this using your DNSSEC root key, if the
>>> attackersdomain.com people have set up DNSSEC for their sp
In message <[EMAIL PROTECTED]>, Simon Josefsson writes:
>Bill Stewart <[EMAIL PROTECTED]> writes:
>
>>>* Your laptop see and uses the name "yahoo.com.attackersdomain.com".
>>> You may be able to verify this using your DNSSEC root key, if the
>>> attackersdomain.com people have set up DNSSEC for
FYI ( from http://www.cenorm.be/isss/newsletter/ ):
--- Forwarded message follows ---
ETSI interoperability testing event for IPsec on 21-25 July 2003
The European Telecommunications Standards Institute's (ETSI) Plugtests
service is mounting its first interoperability testing event for IP
Bill Stewart <[EMAIL PROTECTED]> writes:
>>* Your laptop see and uses the name "yahoo.com.attackersdomain.com".
>> You may be able to verify this using your DNSSEC root key, if the
>> attackersdomain.com people have set up DNSSEC for their spoofed
>> entries, but unless you are using bad sof
At 11:49 PM 06/29/2003 +0200, Simon Josefsson wrote:
No, I believe only one of the following situations can occur:
* Your laptop see and uses the name "yahoo.com", and the DNS server
translate them into yahoo.com.attackersdomain.com. If your laptop
knows the DNSSEC root key, the attacker cann
In message <[EMAIL PROTECTED]>, Simon Josefsson writes:
>
>Of course, everything fails if you ALSO get your DNSSEC root key from
>the DHCP server, but in this case you shouldn't expect to be secure.
>I wouldn't be surprised if some people suggest pushing the DNSSEC root
>key via DHCP though, becau
12 matches
Mail list logo
