| Presumably the value they add is that they keep browsers from popping
| up scary warning messages
Apple's Mail.app checks certs on SSL-based mail server connections.
It has the good - but also bad - feature that it *always* asks for
user approval if it gets a cert it doesn't like.
Good
http://www.gcn.com/online/vol1_no1/45946-1.html
--Steve Bellovin, http://www.cs.columbia.edu/~smb
The Cryptography Mailing List
On Mar 16, 2008, at 8:50 AM, John Levine wrote:
So at the company I work for, most of the internal systems have
expired SSL certs, or self-signed certs. Obviously this is bad.
You only think this is bad because you believe CAs add some value.
Presumably the value they add is that they
[EMAIL PROTECTED] (Peter Gutmann) on Sunday, March 16, 2008 wrote:
[EMAIL PROTECTED] writes:
I would think this would be rather common, and I may have heard about certs
that had authority to sign other certs in some circumstances...
The desire to do it isn't uncommon, but it runs into problems
Hello,
As if the latest research (which showed that RAM contents can be
recovered after power-down) was not enough, it seems as Firewire ports
can form yet an easier attack vector into FDE-locked laptops.
Windows hacked in seconds via Firewire
Such as Cold Boot, etc.
There have been a number of conversations among my colleagues on how
to ameliorate this, particularly with an eye to making suspend mode
safer.
In the Cold Boot paper, the authors suggested XORing a piece of random
memory onto the dangerous bits, so as to fuzz
| As if the latest research (which showed that RAM contents can be
| recovered after power-down) was not enough, it seems as Firewire ports
| can form yet an easier attack vector into FDE-locked laptops.
|
| Windows hacked in seconds via Firewire
|
John Levine wrote:
| Presumably the value they add is that they keep browsers from popping
| up scary warning messages
Apple's Mail.app checks certs on SSL-based mail server connections.
It has the good - but also bad - feature that it *always* asks for
user approval if it gets a cert it