RE: Client Certificate UI for Chrome?

2009-08-12 Thread Thomas Hardjono
From: James A. Donald [jam...@echeque.com] Sent: Sunday, August 09, 2009 1:21 AM To: Thomas Hardjono Cc: Ben Laurie; Cryptography Subject: Re: Client Certificate UI for Chrome? Thomas Hardjono wrote: In this UI discussion, I think its less

Re: Client Certificate UI for Chrome?

2009-08-12 Thread James A. Donald
Thomas Hardjono wrote: I'm not sure if the Chrome folks would be prepared to ship their browser without any CA certs loaded, Excessive distrust is inconvenient, excessive trust is vulnerable. It is better to remedy flaws by expanding functionality rather than restricting it. On the one hand,

Ultimate limits to computation

2009-08-12 Thread Hal Finney
[Note subject line change] Jerry Leichter writes: Since people do keep bringing up Moore's Law in an attempt to justify larger keys our systems stronger than cryptography, it's worth keeping in mind that we are approaching fairly deep physical limits. I wrote about this on this list

Re: brute force physics Was: cleversafe...

2009-08-12 Thread Jerry Leichter
On Aug 10, 2009, at 4:42 AM, Alexander Klimov wrote: On Sun, 9 Aug 2009, Jerry Leichter wrote: Since people do keep bringing up Moore's Law in an attempt to justify larger keys our systems stronger than cryptography, it's worth keeping in mind that we are approaching fairly deep physical

Re: Ultimate limits to computation

2009-08-12 Thread Jerry Leichter
On Aug 11, 2009, at 2:47 PM, Hal Finney wrote: [Note subject line change] Jerry Leichter writes: Since people do keep bringing up Moore's Law in an attempt to justify larger keys our systems stronger than cryptography, it's worth keeping in mind that we are approaching fairly deep physical

Re: Client Certificate UI for Chrome?

2009-08-12 Thread James A. Donald
James A. Donald jam...@echeque.com writes: [In order to implement strong password based encryption and authentication] on the server side, we need a request object in the script language that tells the script that this request comes from an entity that established a secure connection

Re: brute force physics Was: cleversafe...

2009-08-12 Thread David Wagner
Alexander Klimov wrote: A problem with this reasoning is that the physical world and the usual digital computers have exponential simulation gap (it is known at least in one direction: to simulate N entangled particles on a digital computer one needs computations exponential in N). This can

strong claims about encryption safety Re: [tahoe-dev] cleversafe says: 3 Reasons Why Encryption isOverrated

2009-08-12 Thread Zooko Wilcox-O'Hearn
[removing Cc: tahoe-dev as this subthread is not about Tahoe-LAFS. Of course, the subscribers to tahoe-dev would probably be interested in this subthread, but that just goes to show that they ought to subscribe to cryptogra...@metzdowd.com.] On Monday,2009-08-10, at 11:56 , Jason Resch