Ed Gerck wrote:
> Depends on your use. An X.509 identity cert or a PGP cert
> can be made as secure as you wish to pay for. The real
> question, however, that is addressed by the paper is
> how useful are they in terms of email security? How do
> you compare them and which one or which product to
- Original Message -
From: "Jörn Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Countries that ban the use of crypto?
[China bans cryptography]
I'm not going to out anyone on this, but even a quick search of Skype finds
quite a few individuals who make use of cryptography in China. So I
"JXrn" Schmidt <[EMAIL PROTECTED]> writes:
>However, there are only two countries, to the best of my knowledge, that
>outright ban cryptography: Russia and China. And even that's only a de-facto
>ban since both only require individuals to obtain a license to use
>cryptography in any way, shape or
--
James A. Donald:
> > We can, and should, compare any system with the
> > attacks that are made upon it. As a boat should
> > resist every probable storm, and if it does not it
> > is a bad boat, an encryption system should resist
> > every real threat, and if it does not it is a bad
> > en
Lee Parkes <[EMAIL PROTECTED]> writes:
>A colleague of mine is locked in a battle with a client about the use of NULL
>ciphers for OpenSSL. The client claims that he has/wants to allow NULL
>ciphers so that people in countries that ban the use of crypto can still use
>the website. My colleague wan
At 08:05 PM 12/2/2005, [EMAIL PROTECTED] wrote:
You know, I'd wonder how many people on this
list use or have used online banking.
I've used it for about a decade at my credit union,
and I've had my paychecks deposited directly for decades.
There are things I absolutely won't do,
like have a de
"James A. Donald" <[EMAIL PROTECTED]> writes:
> ... email should be sent by a direct connection from the client to
> the recipient mail server, rather than this store and forward crap.
This would eliminate the only available technique for strong anonymity
or pseudonymity. Strong anonymity or ps
Does anyone here have any links to voting system designs that use
cryptography to achieve their goals? I'm curious what could be
achieved in that direction.
--
http://www.lightconsulting.com/~travis/ -><- Knight of the Lambda Calculus
"We already have enough fast, insecure systems." -- Schneier &
--
From: Ed Gerck <[EMAIL PROTECTED]>
> Depends on your use. An X.509 identity cert or a PGP
> cert can be made as secure as you wish to pay for.
Many users are already using MUAs that check signatures.
Why are phishing targets not already using signed mail?
I conjecture t
On Wed, 7 Dec 2005, JЖrn Schmidt wrote:
>
> However, there are only two countries, to the best of my knowledge,
> that outright ban cryptography: Russia and China. And even that's only
> a de-facto ban since both only require individuals to obtain a license
> to use cryptography in any way, shape o
[From Computerworld - see
http://www.computerworld.com/securitytopics/security/story/0,10801,106832,00
.html?source=NLT_PM&nid=106832
]
Security firm detects IM bot that chats with you
Bot replies with messages such as 'lol no its
not its a virus'
On Dec 7, 2005, at 10:24 PM, James A. Donald wrote:
--
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat should
resist every probable storm, and if it does not it
is a bad boat, an encryption system should resist
every real threat, a
On Wed, 7 Dec 2005, Bill Stewart wrote:
| At 08:05 PM 12/2/2005, [EMAIL PROTECTED] wrote:
| >You know, I'd wonder how many people on this
| >list use or have used online banking.
|
| I've used it for about a decade at my credit union,
| and I've had my paychecks deposited directly for decades.
| T
Anne & Lynn Wheeler wrote:
i've periodically written on security proportional to risk ... small sample
http://www.garlic.com/~lynn/2001h.html#61
...
introductioin of PKI and certificates in such an environment may
actually create greater vulnerabilities ... since it may convince the
recipient to
Ed Gerck wrote:
Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the threat model
considered in the CPS.
but that is one of the points of the article that as you automate more
things you have to be extra careful
15 matches
Mail list logo