Re: Bringing Tahoe ideas to HTTP

2009-09-18 Thread Peter Gutmann
Alexandre Dulaunoy adu...@gmail.com writes: On the same idea, there is an expired Internet-Draft called Link Fingerprints : http://www.potaroo.net/ietf/idref/draft-lee-uri-linkfingerprints/ Although the draft has expired, the concept lives on in various tools. For example DownThemAll for

Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

2009-09-18 Thread Joseph Ashwood
-- From: Kevin W. Wall kevin.w.w...@gmail.com Subject: Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI So given these limited choices, what are the best options to the questions I posed in my original post yesterday?

Re: Bringing Tahoe ideas to HTTP

2009-09-18 Thread Alexandre Dulaunoy
On Fri, Sep 18, 2009 at 6:27 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Although the draft has expired, the concept lives on in various tools.  For example DownThemAll for Firefox supports this.  There was some discussion about including it into FF3, but then the draft was dropped and

From Ivory Tower to Iron Bars: Scientists Risk Jail Time for Violating Export Laws

2009-09-18 Thread Alec Muffett
Perry: plasma physics is wildly OT but I believe the relevance will be obvious to those who remember the crypto wars, especially when they hit the fifth paragraph: It’s a difficult subject: many people I interviewed felt Roth showed blatant disregard for the law — he was warned his work

Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

2009-09-18 Thread Ian G
On 17/09/2009 21:42, David Wagner wrote: Kevin W. Wall wrote: So given these limited choices, what are the best options to the questions I posed in my original post yesterday? Given these choices, I'd suggest that you first encrypt with AES-CBC mode. Then apply a message authentication code

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

2009-09-18 Thread Peter Gutmann
Brian Warner war...@lothar.com writes: From what I can tell, the Sparkle update framework (for OS-X)[1] is doing something like what I want for firefox: the Sparkle-enabled application will only accept update bundles which are signed by a DSA privkey that matches a pubkey embedded in the app.

Re: From Ivory Tower to Iron Bars: Scientists Risk Jail Time for Violating Export Laws

2009-09-18 Thread Steve Furlong
On Fri, Sep 18, 2009 at 4:32 AM, Alec Muffett alec.muff...@gmail.com wrote: Perry: plasma physics is wildly OT but I believe the relevance will be obvious to those who remember the crypto wars, especially when they hit the fifth paragraph: It’s a difficult subject: many people I interviewed