Crypto 2003

2003-07-02 Thread Greg Rose
This year's Crypto conference is in Santa Barbara August 17-21. The early registration deadline is July 14th. Full program information is available at . It'll be great, both technically and socially! regards, Greg. (General Chair)

Re: New toy: SSLbar

2003-07-02 Thread mister_lee
Adam Fields said: On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote: Regarding the usefulness of SSLbar itself, its immediate purpose was fingerprint display, as a (theoretically) easy means of checking a cert't validity yourself, ... Maybe this is a stupid question, but exactly how

Re: Mozilla tool to self-verify HTTPS site

2003-07-02 Thread Ian Grigg
Marc Branchaud wrote: Ian Grigg wrote: Tying the certificate into the core crypto protocol seems to be a poor design choice; outsourcing any certification to a higher layer seems to work much better out in the field. I'll reserve judgement about the significance of SSLBar, but I

Re: New toy: SSLbar

2003-07-02 Thread James A. Donald
-- On 2 Jul 2003 at 6:04, [EMAIL PROTECTED] wrote: If you can't get/verify the fingerprint at least once via another channel, you can't use SSLbar to verify the cert. About the best you can do is ensure that you're seeing the same fingerprint every time you visit the site. In practice,

Re: New toy: SSLbar

2003-07-02 Thread Barney Wolff
On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote: In practice, if people were able to ensure they saw the same cert every time they hit what is purportedly the same site, this would take out most scams. What's wrong with the ssh known-hosts approach, for this? Do sites change