Re: OT: SSL certificate chain problems
Victor Duchovni [EMAIL PROTECTED] writes:

> Generally it is enough for a TLS server or client to present its own certificate and all *intermediate* CA certificates; sending the root CA cert is optional, because if the verifying system trusts the root CA in question, it has a local copy of that root CA cert.

In some cases it may be useful to send the entire chain, one such being when a CA re-issues its root with a new expiry date, as Verisign did when its roots expired in December 1999. The old root can be used to verify the new root.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: more on NIST hash competition
At 9:30 PM +1300 1/25/07, Peter Gutmann wrote:

> Ivan Krstić [EMAIL PROTECTED] writes:
>
>> Perry E. Metzger wrote:
>>
>>> http://www.csrc.nist.gov/pki/HashWorkshop/index.html
>>
>> I'm completely unfamiliar with the way NIST operates, but I've been wondering for years why they haven't organized this competition already. Do we have a list veteran who can shed some light on why it took them this long? My curiosity demands to know.
>
> The AES competition was already a severe resource drain; running another one for an AHS would have been prohibitive, until the clear signs that SHA was in real trouble made it more palatable.

This is an incorrect interpretation, I believe. The NIST folks at the workshop said a few times that they were not worried about SHA-1 because they have already deprecated it beginning at the end of 2010. That leaves only SHA-2, in which they said they had sufficient confidence. Further, no one publicly expressed worry at the workshop that SHA-2 would have any significant breaks in the near future.

The dates on the competition timeline show that AHS (cute name, Peter!) is not meant as a replacement for SHA-2, given that it won't be selected until after SHA-1 needs to stop being used.

--Paul Hoffman, Director
--VPN Consortium
Re: OT: SSL certificate chain problems
On Fri, Jan 26, 2007 at 07:06:00PM +1300, Peter Gutmann wrote:

> Victor Duchovni [EMAIL PROTECTED] writes:
>
>> Generally it is enough for a TLS server or client to present its own certificate and all *intermediate* CA certificates; sending the root CA cert is optional, because if the verifying system trusts the root CA in question, it has a local copy of that root CA cert.
>
> In some cases it may be useful to send the entire chain, one such being when a CA re-issues its root with a new expiry date, as Verisign did when its roots expired in December 1999. The old root can be used to verify the new root.

Wouldn't the old root also (until it actually expires) verify any certificates signed by the new root? If so, why does a server need to send the new root? So long as the recipient has either the new or the old root, the chain will be valid.

Is the problem case when the verifier has both roots, and the older of the two has expired?

-- 
Victor Duchovni
IT Security,
Morgan Stanley
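The chain-presentation rules argued over in this thread, as an added shell example that is not part of the original posts: it builds a throwaway PKI with the openssl CLI (an old root, a re-issued new root, an intermediate, a server certificate, and a cross-certificate of the new root's key signed by the old root), then asks `openssl verify` which presentations a verifier holding only one root accepts. Every name, file and subject here is constructed; it assumes openssl 1.1.1 or later is in PATH.

```shell
#!/bin/sh
# Added example, not from the thread: a throwaway PKI built with the openssl CLI
# to show which chain presentations a verifier holding only a root will accept.
# Assumes openssl 1.1.1 or later in PATH; every name and file here is constructed.
set -eu
WORK=$(mktemp -d); cd "$WORK"
# Extension profiles: CA certificates (roots, intermediate, cross-cert) and end entity.
printf 'subjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'subjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid\nbasicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > ee.ext

# csr NAME CN: fresh P-256 key NAME.key and request NAME.csr for /CN=CN
csr() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}
# sign CSR CA EXT OUT: issue OUT.pem from CSR.csr under CA (self-signed when CA = CSR)
sign() {
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 3650 -extfile "$3" -out "$4.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
      -days 365 -extfile "$3" -out "$4.pem" 2>/dev/null
  fi
}
# verify ROOT LEAF [EXTRA...]: does a verifier trusting only ROOT accept LEAF when
# the peer also presents the EXTRA certificates (what a TLS server would send)?
verify() {
  root=$1; leaf=$2; shift 2
  if [ $# -eq 0 ]; then
    openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1
  else
    cat "$@" > untrusted.pem
    openssl verify -CAfile "$root" -untrusted untrusted.pem "$leaf" >/dev/null 2>&1
  fi
}
csr oldroot "Example Old Root";     sign oldroot oldroot ca.ext oldroot
csr newroot "Example New Root";     sign newroot newroot ca.ext newroot
csr inter "Example Intermediate";   sign inter newroot ca.ext inter
csr server "server.example";        sign server inter ee.ext server
# Cross-certificate: the new root's key and name, signed by the old root. This is
# what lets a verifier that still holds only the old root reach the new hierarchy.
openssl req -new -key newroot.key -out cross.csr -subj "/CN=Example New Root" 2>/dev/null
sign cross oldroot ca.ext cross
# Stand-alone demo: chain presentations as seen by a verifier trusting only newroot.
for extra in "inter.pem" "" "inter.pem newroot.pem"; do
  if verify newroot.pem server.pem $extra; then r=accepted; else r=rejected; fi
  echo "$r: server.pem + [$extra]"
done
```

The demo prints that the leaf plus intermediate is accepted, the bare leaf is rejected, and adding the root changes nothing; a verifier holding only the old root accepts the same leaf and intermediate only when the cross-certificate is presented as well.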
Intuitive cryptography that's also practical and secure.
I was surprised to discover that one of James Randi's million dollar paranormal challenges is protected by a surprisingly weak (dictionary-based) commitment scheme that is easily reversed and that suffers from collisions. For details, see my blog entry about it:

http://www.crypto.com/blog/psychic_cryptanalysis/

I had hoped to be able to suggest a better scheme to Randi (e.g., one based on a published, scrutinized bit commitment protocol). Unfortunately I don't know of any that meets all his requirements, the most important (aside from security) being that his audience (non-cryptographers who believe in magic) be able to understand and have confidence in it.

It occurs to me that the lack of secure, practical crypto primitives and protocols that are intuitively clear to ordinary people may be why cryptography has had so little impact on an even more important problem than psychic debunking, namely electronic voting.

I think intuitive cryptography is a very important open problem for our field.

-matt