Dirk-Willem van Gulik wrote:
So I'd argue that while x509, its CAs and its CRLs are a serious pain
to deal** with, and seem to add little value if you assume a very diligent
and experienced operational team -- they do provide a useful
'procedural' framework and workflow-guide which is in itself v
On Mar 16, 2008, at 12:32 PM, Ben Laurie wrote:
[EMAIL PROTECTED] wrote:
So at the company I work for, most of the internal systems have
expired SSL certs, or self-signed certs. Obviously this is bad.
You only think this is bad because you believe CAs add some value.
SSH keys aren't signed
>> So at the company I work for, most of the internal systems have
>> expired SSL certs, or self-signed certs. Obviously this is bad.
>
>You only think this is bad because you believe CAs add some value.
Presumably the value they add is that they keep browsers from popping
up scary warning messag
On Sat, Feb 23, 2008 at 05:09:29AM +1300, Peter Gutmann wrote:
> There were commercial products that did this available some years
> ago, they hooked into the Windows auth using a custom GINA DLL
> (GINA = the Windows extensible login/authentication mechanism,
> think PAM for Windows) and locked th
We had many discussions about this 15 years ago
You usually have predictable plaintext. A cipher that isn't strong enough
against a chosen/known plaintext attack has too many other protocol
problems to worry about mere padding!
For IPsec, we originally specified random padding with 1 traili
[EMAIL PROTECTED] wrote:
So at the company I work for, most of the internal systems have
expired SSL certs, or self-signed certs. Obviously this is bad.
You only think this is bad because you believe CAs add some value.
SSH keys aren't signed and don't expire. Is that bad?
--
http://www.apac
[EMAIL PROTECTED] writes:
>I would think this would be rather common, and I may have heard about certs
>that had authority to sign other certs in some circumstances...
The desire to do it isn't uncommon, but it runs into problems with PKI
religious dogma that only a CA can ever issue a certificat