From: James A. Donald [jam...@echeque.com]
Sent: Sunday, August 09, 2009 1:21 AM
To: Thomas Hardjono
Cc: Ben Laurie; Cryptography
Subject: Re: Client Certificate UI for Chrome?
Thomas Hardjono wrote:
In this UI discussion, I think its less
Thomas Hardjono wrote:
I'm not sure if the Chrome folks would be prepared to
ship their browser without any CA certs loaded,
Excessive distrust is inconvenient, excessive trust is
vulnerable. It is better to remedy flaws by expanding
functionality rather than restricting it.
On the one hand,
[Note subject line change]
Jerry Leichter writes:
Since people do keep bringing up Moore's Law in an attempt to justify
larger keys our systems stronger than cryptography, it's worth
keeping in mind that we are approaching fairly deep physical limits.
I wrote about this on this list
On Aug 11, 2009, at 2:47 PM, Hal Finney wrote:
[Note subject line change]
Jerry Leichter writes:
Since people do keep bringing up Moore's Law in an attempt to justify
larger keys our systems stronger than cryptography, it's worth
keeping in mind that we are approaching fairly deep physical
James A. Donald jam...@echeque.com writes:
[In order to implement strong password based
encryption and authentication] on the server side,
we need a request object in the script language that
tells the script that this request comes from an
entity that established a secure connection
Alexander Klimov wrote:
A problem with this reasoning is that the physical world and the usual
digital computers have exponential simulation gap (it is known at
least in one direction: to simulate N entangled particles on a digital
computer one needs computations exponential in N). This can
[removing Cc: tahoe-dev as this subthread is not about Tahoe-LAFS.
Of course, the subscribers to tahoe-dev would probably be interested
in this subthread, but that just goes to show that they ought to
subscribe to cryptogra...@metzdowd.com.]
On Monday,2009-08-10, at 11:56 , Jason Resch
