This year's Crypto conference is in Santa Barbara August 17-21. The early
registration deadline is July 14th. Full program information is available
at http://www.iacr.org/conferences/crypto2003/2003Program.html .
It'll be great, both technically and socially!
regards,
Greg.
(General Chair)
Adam Fields said:
On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote:
Regarding the usefulness of SSLbar itself, its immediate purpose was
fingerprint display, as a (theoretically) easy means of checking a
cert't validity yourself, ...
Maybe this is a stupid question, but exactly how
Marc Branchaud wrote:
Ian Grigg wrote:
Tying the certificate into the core crypto protocol seems to be a
poor design choice; outsourcing any certification to a higher layer
seems to work much better out in the field.
I'll reserve judgement about the significance of SSLBar, but I
--
On 2 Jul 2003 at 6:04, [EMAIL PROTECTED] wrote:
If you can't get/verify the fingerprint at least once via
another channel, you can't use SSLbar to verify the cert.
About the best you can do is ensure that you're seeing the
same fingerprint every time you visit the site.
In practice,
On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote:
In practice, if people were able to ensure they saw the same
cert every time they hit what is purportedly the same site,
this would take out most scams.
What's wrong with the ssh known-hosts approach, for this? Do sites
change
