Eric Rescorla e...@networkresonance.com writes:
At Tue, 20 Jan 2009 17:57:09 +1300, Peter Gutmann wrote:
Steven M. Bellovin s...@cs.columbia.edu writes:
So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible
On Sat, Jan 24, 2009 at 2:36 AM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
You seem to be out of touch I am afraid. Just look at what many O/S
distributions do. They adopt a new OpenSSL 0.9.Xy release from time to
time (for some initial y) and back-port security fixes never
Jonathan Thornburg writes:
In the modern world, no major government wants to allow untracable
international financial transactions above some fairly modest size
thresholds. (The usual catch-phrases are things like laundering
drug money, tax evasion, and/or financing terrorist groups.)
To
At Sat, 24 Jan 2009 14:55:15 +1300,
Peter Gutmann wrote:
Yes, the changes between TLS 1.1 and TLS 1.2 are about as big as those
between SSL and TLS. I'm not particularly happy about that either, but it's
what we felt was necessary to do a principled job.
It may have been a nicely principled
h...@finney.org (Hal Finney) on Saturday, January 24, 2009 wrote:
Countermeasures by botnet operators would include moderating their take,
perhaps only stealing 10% of the productive capacity of invaded computers,
so that their owners would be unlikely to notice. This kind of thinking
quickly