Re: delegating SSL certificates

2008-03-19 Thread John Levine
| Presumably the value they add is that they keep browsers from popping
| up scary warning messages

Apple's Mail.app checks certs on SSL-based mail server connections. It has the good - but also bad - feature that it *always* asks for user approval if it gets a cert it doesn't like. Good

NSA approves secure smart phone

2008-03-19 Thread Steven M. Bellovin
http://www.gcn.com/online/vol1_no1/45946-1.html --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

Re: delegating SSL certificates

2008-03-19 Thread Jon Callas
On Mar 16, 2008, at 8:50 AM, John Levine wrote: So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. You only think this is bad because you believe CAs add some value. Presumably the value they add is that they

Re: delegating SSL certificates

2008-03-19 Thread Bill Frantz
[EMAIL PROTECTED] (Peter Gutmann) on Sunday, March 16, 2008 wrote: [EMAIL PROTECTED] writes: I would think this would be rather common, and I may have heard about certs that had authority to sign other certs in some circumstances... The desire to do it isn't uncommon, but it runs into problems

Firewire threat to FDE

2008-03-19 Thread Hagai Bar-El
Hello, As if the latest research (which showed that RAM contents can be recovered after power-down) was not enough, it seems as Firewire ports can form yet an easier attack vector into FDE-locked laptops. Windows hacked in seconds via Firewire

Protection for quasi-offline memory nabbing

2008-03-19 Thread Jon Callas
Such as Cold Boot, etc. There have been a number of conversations among my colleagues on how to ameliorate this, particularly with an eye to making suspend mode safer. In the Cold Boot paper, the authors suggested XORing a piece of random memory onto the dangerous bits, so as to fuzz

Re: Firewire threat to FDE

2008-03-19 Thread Leichter, Jerry
| As if the latest research (which showed that RAM contents can be
| recovered after power-down) was not enough, it seems as Firewire ports
| can form yet an easier attack vector into FDE-locked laptops.
|
| Windows hacked in seconds via Firewire
|

Re: delegating SSL certificates

2008-03-19 Thread Dave Howe
John Levine wrote: | Presumably the value they add is that they keep browsers from popping | up scary warning messages Apple's Mail.app checks certs on SSL-based mail server connections. It has the good - but also bad - feature that it *always* asks for user approval if it gets a cert it