Re: $90 for high assurance _versus_ $349 for low assurance

2005-03-20 Thread Ng Pheng Siong
On Tue, Mar 15, 2005 at 11:04:59AM -0500, Victor Duchovni wrote:
 On Wed, Mar 16, 2005 at 02:23:49AM +1300, Peter Gutmann wrote:
  Certainly with UIXC it's not worth anything.
 
 What is UIXC?

lemme guess: universal indiscriminate cross certification

oh wait, peter did define it: implicit not indiscriminate

-- 
Ng Pheng Siong [EMAIL PROTECTED] 

http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Ng Pheng Siong
On Thu, Oct 09, 2003 at 01:56:47AM +1300, Peter Gutmann wrote:
 I would add to this the observation that rather than writing yet another SSL
 library to join the eight hundred or so already out there, it might be more
 useful to create a user-friendly management interface to IPsec implementations
 to join the zero or so already out there.  The difficulty in setting up any
 IPsec tunnel is what's been motivating the creation of (often insecure) non-
 IPsec VPN software, 

Still coming back to SSL, it seems SSL VPNs are getting bigger: just got a
press release that some big firewall vendor (who has an IPsec appliance
product) has acquired some (big?) SSL VPN appliance vendor.

I believe SSL VPNs are easier than IPsec to deploy and operate for the road
warrior accessing corporate resources. This may eventually restrict IPsec's
utility to site-to-site tunneling (useful when, e.g., one wishes to run
OSPF over the tunnel), which _should_ be far easier to configure without
needing the help of some whizbang AI.


-- 
Ng Pheng Siong [EMAIL PROTECTED] 



Re: SSL

2003-07-10 Thread Ng Pheng Siong
On Thu, Jul 10, 2003 at 12:04:33PM +0100, [EMAIL PROTECTED] wrote:
 guess). However, the complexity of the OpenSSL library has me stumped.
 (Plus, it's Unix-centric. I'd like to turn it into a Visual Studio port so I
 could compile without needing cygwin, gcc, etc., but that's another story).

It isn't really. I have built OpenSSL using MSVC, BC and mingw.

I have a file here called openssl-0_9_7_Patch_VisualStudio6.zip culled from
the OpenSSL mailing list. I haven't tried it; if you want, I can send it to
you off-list.

 I'm not going to complain. That's been done to death here. Instead, I have a
 different question: Where can I learn about SSL?

I always suggest learning by doing. The OpenSSL C API is quite big, but
there exist wrappers in Perl, Python, Tcl, Ruby, Lisp and possibly
whatever high-level language you can think of. (I have one; see .sig.)
These make programming OpenSSL more accessible.

While your test programs are running, use ekr's excellent ssldump to see
the stuff happening on the wire.

There is also a book called SSL and TLS Essentials by Stephen Thomas that
just describes the protocol. Refer to the book while you're running your
programs and marveling at ssldump's output.

Have fun.

-- 
Ng Pheng Siong [EMAIL PROTECTED] 

http://firewall.rulemaker.net  -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
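A worked example to go with the "learn by doing, then watch ssldump" advice above. This is an added example, not code from the original post or from M2Crypto: it builds a TLS 1.0 ClientHello from constructed input (no network, no OpenSSL needed) and then decodes it field by field as RFC 2246 section 7.4.1.2 lays it out, which is exactly the record ssldump prints first when a test program connects. The cipher-suite name table is a hand-picked subset of the IANA registry, not the full list.

```python
"""Decode a TLS ClientHello the way ssldump shows it on the wire.

Added example (not from the mailing-list post). Every length field is
checked against the bytes actually present, so a truncated or lying
length raises ValueError instead of reading past the end of the buffer.
"""
import os
import struct

CONTENT_TYPE_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01

# Small subset of the IANA cipher suite registry, enough for the demo.
CIPHER_SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def build_client_hello(version=(3, 1), cipher_suites=(0x002F, 0x000A),
                       session_id=b"", random_bytes=None):
    """Serialise a TLS record carrying a ClientHello (constructed input)."""
    if random_bytes is None:
        random_bytes = os.urandom(32)
    if len(random_bytes) != 32:
        raise ValueError("random must be 32 bytes")
    body = bytes(version) + random_bytes
    body += struct.pack("!B", len(session_id)) + session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"  # one compression method: null
    handshake = (struct.pack("!B", HANDSHAKE_CLIENT_HELLO)
                 + len(body).to_bytes(3, "big") + body)
    record = struct.pack("!BBBH", CONTENT_TYPE_HANDSHAKE,
                         version[0], version[1], len(handshake))
    return record + handshake


def parse_client_hello(record):
    """Parse a TLS record holding a ClientHello; return a dict of fields."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, vmaj, vmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != CONTENT_TYPE_HANDSHAKE:
        raise ValueError("not a handshake record: type 0x%02x" % ctype)
    payload = record[5:5 + rlen]
    if len(payload) != rlen:
        raise ValueError("record length %d exceeds data" % rlen)
    if len(payload) < 4 or payload[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hlen = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + hlen]
    if len(body) != hlen:
        raise ValueError("handshake length mismatch")

    pos = 0

    def take(n):
        # Bounds-checked cursor over the handshake body.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    client_version = tuple(take(2))
    random_bytes = take(32)
    session_id = take(take(1)[0])
    cs_len = struct.unpack("!H", take(2))[0]
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    suites = [struct.unpack("!H", take(2))[0] for _ in range(cs_len // 2)]
    compression = list(take(take(1)[0]))
    return {
        "record_version": (vmaj, vmin),
        "client_version": client_version,
        "random": random_bytes,
        "session_id": session_id,
        "cipher_suites": [CIPHER_SUITE_NAMES.get(s, "UNKNOWN(0x%04x)" % s)
                          for s in suites],
        "compression": compression,
        "trailing_bytes": len(body) - pos,  # extensions, left undecoded here
    }


def weak_suites(hello):
    """Names in the offer a reviewer would flag (RC4, MD5, export grades)."""
    return [n for n in hello["cipher_suites"]
            if any(bad in n for bad in ("RC4", "MD5", "EXPORT", "NULL"))]


if __name__ == "__main__":
    rec = build_client_hello(cipher_suites=(0x002F, 0x0004), session_id=b"\xaa" * 8)
    hello = parse_client_hello(rec)
    for k, v in hello.items():
        print("%-15s %r" % (k, v))
    print("weak:", weak_suites(hello))
```

Run it as a script to see the decoded fields; to compare against real traffic, feed `parse_client_hello` the first 5 + N bytes captured from a client connection and check that the `record_version`, `client_version` and suite list line up with what ssldump reports for the same handshake.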



Re: Session Fixation Vulnerability in Web Based Apps

2003-06-15 Thread Ng Pheng Siong
On Sun, Jun 15, 2003 at 11:34:55AM -0700, James A. Donald wrote:
 Which is fine provided your code, rather than the framework
 code provided the cookie, and provided you generated the cookie
 in response to a valid login, as Ben Laurie does. The
 framework, however, generally provides insecure cookies.

Dynamic programming environments like Lisp, Smalltalk and Python allow
the application programmer to replace parts of a framework with other code
easily.

Lisp does it better than Python. Dunno about Java, PHP, whatnot.

Build your applications with a superior programming system.


-- 
Ng Pheng Siong [EMAIL PROTECTED] 

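An added example of the point the thread is circling, not code from either poster: a tiny in-memory session layer standing in for "the framework", with two login routines side by side. The first keeps whatever session cookie the client presented (the insecure framework default the quoted message complains about), so an attacker who plants a session ID in the victim's browser owns the victim's logged-in session. The second only recognises IDs the server itself issued and rotates the ID on a valid login, which is the behaviour attributed above to Ben Laurie. The user table, password and the planted ID are constructed for the demo.

```python
"""Session fixation: the framework default beside the fix.

Added example (not from the thread). SessionStore stands in for a web
framework's session machinery; the two login functions differ only in
how they treat the cookie the client presents.
"""
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed demo credentials


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def get_or_create(self, cookie):
        """Framework default: adopt any presented ID, even one it never issued."""
        if cookie is None:
            cookie = secrets.token_urlsafe(32)
        return cookie, self._sessions.setdefault(cookie, {})

    def get_issued(self, cookie):
        """Only recognise IDs this server issued; otherwise mint a new one."""
        if cookie is not None and cookie in self._sessions:
            return cookie, self._sessions[cookie]
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = {}
        return cookie, self._sessions[cookie]

    def rotate(self, old_cookie):
        """Retire the old ID and move its state under a fresh one."""
        state = self._sessions.pop(old_cookie, {})
        new_cookie = secrets.token_urlsafe(32)
        self._sessions[new_cookie] = state
        return new_cookie, state

    def user_for(self, cookie):
        return self._sessions.get(cookie, {}).get("user")


def check_password(username, password):
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


def login_fixable(store, presented_cookie, username, password):
    """Vulnerable: a valid login binds the user to the attacker-chosen ID."""
    cookie, sess = store.get_or_create(presented_cookie)
    if check_password(username, password):
        sess["user"] = username
    return cookie


def login_fixed(store, presented_cookie, username, password):
    """Hardened: fresh, server-generated ID issued only after a valid login."""
    cookie, _ = store.get_issued(presented_cookie)
    if not check_password(username, password):
        return cookie
    new_cookie, sess = store.rotate(cookie)
    sess["user"] = username
    return new_cookie


def fixation_attack(login):
    """Attacker plants an ID in the victim's browser; victim logs in;
    return (who the planted ID now maps to, the cookie the victim ends up with)."""
    store = SessionStore()
    planted = "attacker-chosen-id"
    victim_cookie = login(store, planted, "alice", "correct horse")
    return store.user_for(planted), victim_cookie


if __name__ == "__main__":
    print("framework default:", fixation_attack(login_fixable))
    print("rotate on login:  ", fixation_attack(login_fixed))
```

With the default, `fixation_attack(login_fixable)` reports that the planted ID now maps to `alice`; with the fix it maps to nobody and the victim's cookie is a server-minted value the attacker never saw. Rotating on login is the one property to check when auditing whichever framework you are replacing parts of.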
