Re: Fwd: [IP] A Simpler, More Personal Key to Protect Online Messages

2003-07-08 Thread Nomen Nescio
Tim Dierks writes: > I don't think it's an interesting solution. I don't see any interesting > application that's possible with this system which you couldn't do with > existing public-key cryptography: for example, I could write a protocol & > software where you could request a public key from

Re: pubkeys for p and g

2003-06-27 Thread Nomen Nescio
martin f krafft writes: > My point was that some commercial vendors (Check Point and others) > claim, that if two partners want to perform a DH key exchange, they > may use their two public keys for g and p. This, in effect, would > mean that g and p were not globally known, but that the public key

Re: An attack on paypal

2003-06-12 Thread Nomen Nescio
Steven M. Bellovin wrote: > Let me point folk at http://www.securityfocus.com/news/5654 > for a related issue. To put it very briefly, *real* authentication is > hard. It may be that real authentication is hard, but the unbelievably sloppy practices of domain name registrars don't prove the cas

Re: The real problem that https has conspicuously failed to fix

2003-06-12 Thread Nomen Nescio
Jeffrey I. Schiller writes: > Oh, and btw, the form posting URL in my message wasn't even https, it > was just http. So all the futzing in the world with https wouldn't help! Of course it would help. Have you been following this discussion at all? The idea is to eliminate passwords as being of

RE: Keyservers and Spam

2003-06-10 Thread Nomen Nescio
The solution to this problem is simple. We want to be able to look up keys on the key servers by email address or user name or keyid. But we don't want the system to be useful for spam harvesting. Simply require that lookups be by valid email address or user name. Eliminate the wildcard searching

Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Nomen Nescio
Tim Dierks wrote: > - Get browser makers to design better ways to communicate to users that > UI elements can be trusted. For example, a proposal I saw recently which > would have the OS decorate the borders of "trusted" windows with facts or > images that an attacker wouldn't be able to predic

Re: web apps with large volumes of bidirectional http traffic

2003-06-02 Thread Nomen Nescio
Ryan Lackey writes: > I need to find some relatively widely deployed applications which have > frequent user interactions (rapid clicking on links, from as large a > population of links as possible, and also form filling and such). > > (it should be pretty obvious what this is for) It's not, real