-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think this thread has run its course and is sufficiently off topic for this
list, so I am declaring it closed.
Thank you
Tamzen
-BEGIN PGP SIGNATURE-
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii
On Oct 11, 2013, at 1:48 AM, ianG i...@iang.org wrote:
...
What's your goal? I would say you could do this if the goal was ultimate
security. But for most purposes this is overkill (and I'd include online
banking, etc, in that).
We were talking about how hard it is to solve crypto
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/10/2013 6:40 PM, grarpamp wrote: On Thu, Oct 10, 2013 at 11:58
AM, R. Hirschfeld r...@unipay.nl wrote:
To send a prism-proof email, encrypt it for your recipient and
send it to irrefrangi...@mail.unipay.nl. Don't include any
information
On Thu, Oct 10, 2013 at 03:54:26PM -0400, John Kelsey wrote:
Having a public bulletin board of posted emails, plus a protocol for
anonymously finding the ones your key can decrypt, seems like a pretty decent
architecture for prism-proof email. The tricky bit of crypto is in making
access to
On Thu, Oct 10, 2013 at 04:24:19PM -0700, Glenn Willen wrote:
I am going to be interested to hear what the rest of the list says about
this, because this definitely contradicts what has been presented to me as
'standard practice' for PGP use -- verifying identity using government issued
ID,
On 10/10/13 19:06 PM, John Kelsey wrote:
Just thinking out loud
The administrative complexity of a cryptosystem is overwhelmingly in key
management and identity management and all the rest of that stuff. So imagine
that we have a widely-used inner-level protocol that can use strong
Reply to various,
Yes, the value in a given key signing is weak, in fact every link in the
web of trust is terribly weak.
However, if you notarize and publish the links in CT fashion then I can
show that they actually become very strong. I might not have good evidence
of John Gilmore's key at
All,
Quick question, anyone got a good scheme for key stretching?
I have this scheme for managing private keys that involves storing them as
encrypted PKCS#8 blobs in the cloud.
AES128 seems a little on the weak side for this but there are (rare)
circumstances where a user is going to need to
On 2013-10-10 (283), at 19:24:19, Glenn Willen gwil...@nerdnet.org wrote:
John,
On Oct 10, 2013, at 2:31 PM, John Gilmore wrote:
An important user experience point is that we should be teaching GPG
users to only sign the keys of people who they personally know.
[]
would be false
grarpamp wrote:
On Thu, Oct 10, 2013 at 11:58 AM, R. Hirschfeld r...@unipay.nl wrote:
To send a prism-proof email, encrypt it for your recipient and send it
to irrefrangi...@mail.unipay.nl. Don't include any information about
To receive prism-proof email, subscribe to the irrefrangible
On 10/10/13 08:41 AM, Bill Frantz wrote:
We should try to characterize what a very long time is in years. :-)
Look at the product life cycle for known crypto products. We have some
experience of this now. Skype, SSL v2/3 - TLS 0/1/2, SSH 1 - 2, PGP 2
- 5+.
As a starting point, I would
On 10/10/13 17:58 PM, Salz, Rich wrote:
TLS was designed to support multiple ciphersuites. Unfortunately this opened
the door
to downgrade attacks, and transitioning to protocol versions that wouldn't do
this was nontrivial.
The ciphersuites included all shared certain misfeatures, leading to
On Thu, Oct 10, 2013 at 04:22:50PM -0400, Jerry Leichter wrote:
On Oct 10, 2013, at 11:58 AM, R. Hirschfeld r...@unipay.nl wrote:
Very silly but trivial to implement so I went ahead and did so:
To send a prism-proof email, encrypt it for your recipient and send it
to
I like the ideas, John.
The idea, and the protocol you sketched out, are a little reminiscent
of ZRTP ¹ and of tcpcrypt ². I think you can go one step further,
however, and make it *really* strong, which is to offer the higher
or outer layer a way to hook into the crypto from your inner layer.
On 10 October 2013 22:31, John Gilmore g...@toad.com wrote:
Does PGP have any particular support for key signing parties built in or is
this just something that has grown up as a practice of use?
It's just a practice. I agree that building a small amount of automation
for key signing parties
Saw this on Arstechnica today and thought I'd pass along the link.
http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/2/
More detailed version of the story available at:
https://factorable.net/paper.html
Short version:
This is a job for a key derivation function or a cryptographic prng. I would
use CTR-DRBG from 800-90 with AES256. Or the extract-then-expand KDF based on
HMAC-SHA512.
--John
___
The cryptography mailing list
cryptography@metzdowd.com
On 10/11/13 at 10:32 AM, zoo...@gmail.com (Zooko O'Whielacronx) wrote:
Don't try to study
foolscap, even though it is a very interesting practical approach,
because there doesn't exist documentation of the protocol at the right
level for you to learn from.
Look at the E language sturdy refs,
On 2013-10-11, at 07:03, Tony Naggs tonyna...@gmail.com wrote:
On 10 October 2013 22:31, John Gilmore g...@toad.com wrote:
Does PGP have any particular support for key signing parties built in or is
this just something that has grown up as a practice of use?
It's just a practice. I agree
On Oct 11, 2013, at 11:26 AM, Phillip Hallam-Baker hal...@gmail.com wrote:
Quick question, anyone got a good scheme for key stretching?
I have this scheme for managing private keys that involves storing them as
encrypted PKCS#8 blobs in the cloud.
AES128 seems a little on the weak side
Dear Ray,
On 2013-10-11, at 19:38 , Ray Dillinger b...@sonic.net wrote:
This is despite meeting (for some inscrutable definition of meeting)
FIPS 140-2 Level 2 and Common Criteria standards. These standards
require steps that were clearly not done here. Yet, validation
certificates were
On 2013-10-11 12:03:44 +0100 (+0100), Tony Naggs wrote:
Do key signing parties even happen much anymore? The last time I saw
one advertised was around PGP 2.6!
[...]
Within more active pockets of the global free software community
(where OpenPGP signatures are used to authenticate release
On Fri, Oct 11, 2013 at 10:32 AM, Zooko O'Whielacronx zoo...@gmail.com wrote:
I like the ideas, John.
The idea, and the protocol you sketched out, are a little reminiscent
of ZRTP ¹ and of tcpcrypt ². I think you can go one step further,
however, and make it *really* strong, which is to offer
Phillip Hallam-Baker hal...@gmail.com writes:
Quick question, anyone got a good scheme for key stretching?
http://lmgtfy.com/?q=hkdf&l=1
Peter :-).