--- James A. Donald [EMAIL PROTECTED] wrote:
--
On 12 Jun 2003 at 16:25, Steve Schear wrote:
http://www.acros.si/papers/session_fixation.pdf
Wow.
This flaw is massive, and the biggest villain is the server
side code created for Apache.
You really lack some fundamental
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
At 10:27 AM 6/11/03 -0700, bear wrote:
That is the theory. In practice, as long as the PGP web of trust
The thing that strikes me is that the PGP web of trust idea is appropriate
for very close-knit communities, where reputations matter and people
At 2:35 PM -0700 6/13/03, Pat Farrell wrote:
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
At 10:27 AM 6/11/03 -0700, bear wrote:
That is the theory. In practice, as long as the PGP web of trust
The thing that strikes me is that the PGP web of trust idea is appropriate
for very close-knit
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
The thing that strikes me is that the PGP web of trust idea is appropriate
for very close-knit communities, where reputations matter and people
mostly know one another. A key signed by Carl Ellison or Jon Callas
actually means something to me,
At 12:00 PM 6/13/2003 +0200, Stefan Mink wrote:
Hi Carl,
On Wed, Jun 11, 2003 at 09:56:12PM -0700, Carl Ellison wrote:
There's one draft that should have gone on to RFC, but people were
using it from the draft instead. It's my fault that we left it at
that stage and didn't publish the RFC.