Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Anne & Lynn Wheeler
Alaric Dailey wrote: > If I may inject my humble opinion (that isn't necessarily a response to > this particular email), I may not be as informed as some but > > While I admit that PKI is flawed, I don't see any way that PSK could be used > effectively. > > How are PSKs going to be shared in a secu

Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Anne & Lynn Wheeler
in fact, the first time i heard the term relying-party-only certificates was in a presentation by somebody from a german bank at a nissc conference ... describing all the horrible privacy and liability problems represented by x.509 identity certificates. http://www.garlic.com/~lynn/subpubkey.html#r

Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Anne & Lynn Wheeler
Stephan Neuhaus wrote: > That's because PSKs (as I have understood them) have storage and > management issues that CA certificates don't have, four of which are > that there will be a lot more PSKs than CA certificates, that you can't > preinstall them in browsers, that the issue of how to exchange

Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Alaric Dailey
If I may inject my humble opinion (that isn't necessarily a response to this particular email), I may not be as informed as some but While I admit that PKI is flawed, I don't see any way that PSK could be used effectively. How are PSKs going to be shared in a secure way? Are we talking about g

Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Paul Hoffman
At 9:39 AM +0200 9/1/05, Stephan Neuhaus wrote: Are we now at a point where we must admit that PKI isn't going to happen s/happen/happen in a widely useful fashion/ for the Web s/Web/Web and email/ and that we therefore must face the rewriting of an unknown (but presumably large) number

Re: Fwd: Tor security advisory: DH handshake flaw

2005-09-01 Thread Simon Josefsson
Werner Koch <[EMAIL PROTECTED]> writes: > On Mon, 29 Aug 2005 17:32:47 +0200, Simon Josefsson said: > >> which are Fermat pseudoprime in every base. Some applications, >> e.g. Libgcrypt used by GnuPG, use Fermat tests, so if you have control >> of the random number generator, I believe you could

Re: Fwd: Tor security advisory: DH handshake flaw

2005-09-01 Thread Ben Laurie
Simon Josefsson wrote: Btw, could you describe the threat scenario where you believe this test would be useful? Well, that's an interesting question. I have to admit that I am no longer sure there is any point. If people do an appropriate number of rounds of Miller-Rabin whenever they're hand

Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Stephan Neuhaus
James A. Donald wrote: But does not, in fact, prevent. Let me rephrase that. Are we now at a point where we must admit that PKI isn't going to happen for the Web and that we therefore must face the rewriting of an unknown (but presumably large) number of lines of code to accommodate PSKs? I