in Ars Technica:
http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
(except for RC4) is (probably) not going to be your symmetric cipher.
It will be protocol flaws and implementation flaws. No point in
making the barn out of titanium if you're not going to put a door on
it.
Perry
--
Perry E. Metzgerpe...@piermont.com
On Tue, 17 Sep 2013 11:35:34 -0400 Perry E. Metzger
pe...@piermont.com wrote:
Added c...@panix.com -- if you want to re-submit this (and maybe not
top post it) I will approve it...
Gah! Accidentally forwarded that to the whole list, apologies.
--
Perry E. Metzgerpe
for low performance
applications to do something like Bill Frantz suggests. It is in the
nature of people in our community to like playing with such things.
Just don't take them *too* seriously please.
Perry
--
Perry E. Metzgerpe...@piermont.com
ripping the chip apart.
On 9/12/13 11:00 AM, Perry E. Metzger pe...@piermont.com wrote:
On Wed, 11 Sep 2013 17:06:00 -0700 Tony Arcieri basc...@gmail.com
wrote:
It seems like Intel's approach of using thermal noise is fairly
sound. Is there any reason why it isn't more widely adopted
Recommends phasing out RC4 among other things:
http://blog.ivanristic.com/2013/09/updated-best-practices-deprecate-rc4.html
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http
are unpredictable and do not repeat, it prevents a
bad actor from using the IV as a covert channel. (Some would argue
against using CBC mode entirely -- see Rogaway's paper on block
cipher modes.)
Perry
--
Perry E. Metzgerpe...@piermont.com
rather than breaking the crypto:
putting back doors in protocols, stealing keys, encouraging weak
RNGs, adding flaws to hardware, etc. -- as well as doing active
attacks using stolen or broken CA keys.
I don't doubt that they archive everything they can forever, of
course.
Perry
--
Perry E. Metzger
Matthew Green tweeted earlier today that Johns Hopkins will be hosting
a roundtable at 10am EDT tomorrow (Wednesday, September 18th) to
discuss the NSA crypto revelations.
Livestream will be at: https://connect.johnshopkins.edu/jhuisicrypto/
Perry
--
Perry E. Metzgerpe
keys, theft of RSA keys may very well be
much easier in many cases than broader forms of sabotage.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman
the (not very usable)
seLinux MAC (Multilevel Access Control) system, so clearly they do
some hacking on security infrastructure.
(I will not argue with the larger point though.)
Perry
--
Perry E. Metzgerpe...@piermont.com
I've not been able to figure out if Apple is using certificate
pinning for its applications (including its update systems) that seem
to use PKI. Does anyone know?
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
of
the couple thousand people reading along.
I'd like to ask participants to please:
1) Write compactly but clearly.
2) Avoid repeating themselves.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
.html
In summary, I proposed a way you can map IDs to keys through pure
long term observation/widely witnessed events. The idea is not
original given that to some extent things like Certificate
Transparency already do this in other domains.
Perry
--
Perry E. Metzgerpe
in strength --
see the RFC itself for details.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
be welcome of course.)
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
.
It is of course possible that there's been secret research on this at
NSA which has gotten far further, but I would expect that the
manufacturing technology needed to do that would require a huge
number of people to pull off, too many to keep quiet indefinitely.
Perry
--
Perry E. Metzgerpe
chain.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
On Fri, 13 Sep 2013 15:46:58 -0500 Nico Williams
n...@cryptonector.com wrote:
On Fri, Sep 13, 2013 at 03:17:35PM -0400, Perry E. Metzger wrote:
On Thu, 12 Sep 2013 14:53:28 -0500 Nico Williams
n...@cryptonector.com wrote:
Traffic analysis can't really be defeated, not in detail
proposals.
I agree this makes email delivered malware continue to be a bit of a
problem, though you could only get it from your friends.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography
and that the design wasn't sabotaged. That's harder to do.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
validate. Yes,
this is hard.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
.)
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
that depends on known plaintext, crib dragging (that
is, trying all of the small number of possibilities) is easy.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com
calculation. If you don't transmit
the IVs at all but calculate them, the system will not interoperate if
the implicit IVs aren't calculated the same way by both sides, thus
ensuring that the covert channel is closed.
Perry
--
Perry E. Metzgerpe...@piermont.com
be fabricated on chip and thus have
nearly zero marginal cost. The huge disadvantage is that if your
opponent can convince chip manufacturers to introduce small changes
into their design, you're in trouble.
Perry
--
Perry E. Metzgerpe...@piermont.com
give you
an IV?
Certainly, but if you remove most or all covert channels, you've
narrowed the problem down to auditing the RNG instead of having to
audit much more of the system. It is all a question of small steps
towards better assurance. No one measure will fix everything.
--
Perry E. Metzger
+0200
From: Adam Back a...@cypherspace.org
To: Perry E. Metzger pe...@piermont.com
Cc: Alexander Klimov alser...@inbox.ru, Cryptography List
cryptography@metzdowd.com, Adam Back a...@cypherspace.org
Subject: Re: [Cryptography] how could ECC params be subverted other
evidence
Perry wrote
long.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
On Sun, 8 Sep 2013 15:22:32 -0400 Perry E. Metzger
pe...@piermont.com wrote:
Ah, now *this* is potentially interesting. Imagine if you have a
crypto accelerator that generates its IVs by encrypting information
about keys in use using a key an observer might have or could guess
from a small
precisely this attack.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
in standards work any longer. A set
of short sighted, foolish decisions have created tragedy for all.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo
), and have enough key material, a
second key might be of value for that -- but I don't know what all
the ins and outs are, and would prefer to read the literature...
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing
On Mon, 9 Sep 2013 14:18:41 +0300 Alexander Klimov
alser...@inbox.ru wrote:
On Sun, 8 Sep 2013, Perry E. Metzger wrote:
What's the current state of the art of attacks against AES? Is the
advice that AES-128 is (slightly) more secure than AES-256, at
least in theory, still current?
I am
E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
for saying this, in an environment where the NSA
is spending $250M a year to undermine efforts like your own it is
impossible for third parties to trust black boxes any longer. I think
you may not have absorbed that what a week or two ago was a paranoid
fantasy turns out to be true.
Perry
--
Perry E
On Tue, 10 Sep 2013 00:23:51 +0200 Adam Back a...@cypherspace.org
wrote:
On Mon, Sep 09, 2013 at 06:03:14PM -0400, Perry E. Metzger wrote:
On Mon, 9 Sep 2013 14:07:58 +0300 Alexander Klimov wrote:
No. They are widely used curves and thus a good way to reduce
conspiracy theories
, a week ago this was paranoia, but now we have confirmation, so
it is no longer paranoia.
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo
On Tue, 10 Sep 2013 00:25:20 +0100 Peter Fairbrother
zenadsl6...@zen.co.uk wrote:
On 09/09/13 23:03, Perry E. Metzger wrote:
On Mon, 9 Sep 2013, Daniel wrote:
[...] They are widely used curves and thus a good way to reduce
conspiracy theories that they were chosen in some malicious way
that it has
acted as an enormous tar baby.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
the corresponding plaintext when any given ciphertext
might correspond to many, many different plaintexts depending
on the key. That's clearly not something you can do.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography
On Sun, 8 Sep 2013 15:55:52 -0400 Thor Lancelot Simon
t...@rek.tjls.com wrote:
On Sun, Sep 08, 2013 at 03:22:32PM -0400, Perry E. Metzger wrote:
Ah, now *this* is potentially interesting. Imagine if you have a
crypto accelerator that generates its IVs by encrypting
information about keys
What's the current state of the art of attacks against AES? Is the
advice that AES-128 is (slightly) more secure than AES-256, at least
in theory, still current?
(I'm also curious as to whether anyone has ever proposed fixes to the
weaknesses in the key schedule...)
Perry
--
Perry E. Metzger
. This clearly shows the dramatic
effect an adversary that controls multiple ASes can have on
security.
Disclaimer: one of the authors (Micah Sherr) is a doctoral brother.
Perry
--
Perry E. Metzgerpe...@piermont.com
should worry about anyway.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
On Sat, 07 Sep 2013 09:33:28 +0100
Brian Gladman b...@gladman.plus.com wrote:
On 07/09/2013 01:48, Chris Palmer wrote:
Q: Could the NSA be intercepting downloads of open-source
encryption software and silently replacing these with their own
versions?
Why would they perform the attack
1) Volume has gotten understandably high the last few days given the
current news. I'd like people to please consider if their posting
conveys interesting information before sending.
2) Please adjust the Subject lines of your messages if your posting
deviates from the original Subject. This makes
On Sat, 07 Sep 2013 13:01:53 -0700
Ray Dillinger b...@sonic.net wrote:
I think we can no longer rule out the possibility that some attacker
somewhere (it's easy to point a finger at the NSA but it could be
just as likely pointed at GCHQ or the IDF or Interpol) may have
secretly developed a
On Sat, 7 Sep 2013 13:06:14 -0700
Tony Arcieri basc...@gmail.com wrote:
In order to beat quantum computers, we need to use public key systems
with no (known) quantum attacks, such as lattice-based (NTRU) or
code-based (McEliece/McBits) algorithms. ECC and RSA will no longer
be useful.
I'm
On Sat, 7 Sep 2013 17:46:39 -0400
Derrell Piper d...@electric-loft.org wrote:
On Sep 6, 2013, at 11:51 PM, Marcus D. Leech mle...@ripnet.com
wrote:
The other thing that I find to be a dirty little secret in PK
systems is revocation. OCSP makes things, in some ways, better
than CRLs,
On Sat, 7 Sep 2013 20:43:39 -0400 I wrote:
To my knowledge, there is no ECC analog of Shor's algorithm.
...and it appears I was completely wrong on that.
See, for example: http://arxiv.org/abs/quantph/0301141
Senility gets the best of us.
Perry
___
On Thu, 5 Sep 2013 21:42:29 -0700 Jon Callas j...@callas.org wrote:
On Sep 5, 2013, at 9:33 PM, Perry E. Metzger pe...@piermont.com
wrote:
It is probably very difficult, possibly impossible in practice, to
backdoor a symmetric cipher. For evidence, I direct you to this
old paper
this, but of course the phone is
not exactly a secure platform to begin with...
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
of users. Random number generator flaws would seem like
an obvious possibility here.
This is especially disturbing because other actors can now start
doing teardowns on a wide variety of such devices looking to find the
flaws so they can themselves attack the traffic in question.
Perry
--
Perry E
that some voices will say
additional delay harms user experience. Such voices should be
ruthlessly ignored.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com
On Fri, 6 Sep 2013 18:18:05 +0100 Ben Laurie b...@links.org wrote:
On 6 September 2013 18:13, Perry E. Metzger pe...@piermont.com
wrote:
Google is also now (I believe) using PFS on their connections, and
they handle more traffic than anyone. A connection I just made to
https
like it would be valuable for
most Tor nodes to be running newer software anyway.
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
, but presumably
it was far from the only target.
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
doing so
without realizing they're harming internet security, but we can no
longer presume that is the motive.)
Chrome handles 1.2, there is no longer any real excuse for the others
not to do the same.
Perry
--
Perry E. Metzgerpe...@piermont.com
no credibility, and -- the real problem -- no way for us to
verify anything these people might say.
https://www.schneier.com/blog/archives/2013/09/conspiracy_theo_1.html
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography
Some interesting nuggets here, including the fact that he explicitly
calls out the existence of NSA's new HUMINT division that infiltrates
corporations for a living.
http://blog.cryptographyengineering.com/2013/09/on-nsa.html
--
Perry E. Metzgerpe...@piermont.com
a one liner
followed by a 75 line intact original, be prepared to see a rejection
message.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo
-in-encryption.html
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
I hate to ask this yet again, but:
Please, please, please don't top post.
Please, please, please edit down your replies.
If your mobile device, say, doesn't let you do otherwise, it can
probably wait half an hour until you get to a machine with a keyboard.
--
Perry E. Metzger
interest.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
inappropriate material.
At the same time, I will repeat that reasonably informed
technical speculation is appropriate, as is any solid information
available.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
On Thu, 5 Sep 2013 16:53:15 -0400 Perry E. Metzger
pe...@piermont.com wrote:
Classified N.S.A. memos appear to confirm that the fatal
weakness, discovered by two Microsoft cryptographers in 2007, was
engineered by the agency. The N.S.A. wrote the standard and
aggressively pushed
be
indecipherable to criminals or governments
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http
not to feel overly strongly that
this is what happened, but it does lead one to wonder strongly.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman
On Thu, 5 Sep 2013 15:58:04 -0400 Perry E. Metzger
pe...@piermont.com wrote:
I would like to open the floor to *informed speculation* about
BULLRUN.
Here are a few guesses from me:
1) I would not be surprised if it turned out that some people working
for some vendors have made code
Quite worth reading. There is some speculation in there about various
weaknesses that may have been added as well.
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
--
Perry E. Metzgerpe...@piermont.com
searches,
Internet chats and phone calls of Americans and others around the
world, the documents show.
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all
--
Perry E. Metzgerpe...@piermont.com
that it
is impossible that they can break 3DES at this point, but it doesn't
sound like that's what is being discussed here.
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http
, but is it an actual worry in other contexts? I tend not to
believe that but I'm curious about opinions.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com
Denning's old report on that for a reminder.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
or to something similarly worthwhile.
Yes, this is irresistible gossip for many of us, but I don't know that
it is interesting beyond that, and our traffic levels are quite high
right now already.
Perry
--
Perry E. Metzgerpe...@piermont.com
On Fri, 06 Sep 2013 12:13:48 +1200 Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Perry E. Metzger pe...@piermont.com writes:
I would like to open the floor to *informed speculation* about
BULLRUN.
Not informed since I don't work for them, but a connect-the-dots:
1. ECDSA/ECDH (and DLP
On Fri, 06 Sep 2013 13:50:54 +1200 Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Perry E. Metzger pe...@piermont.com writes:
Does that make them NSA plants? There's drafts for one or
two more fairly basic fixes to significant problems from other
people that get stalled forever, while
to this old
paper by Blaze, Feigenbaum and Leighton:
http://www.crypto.com/papers/mkcs.pdf
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo
tell, such
ciphers are actually quite secure, though impractically slow.
Pointers to his original sci.crypt posting would be appreciated, I
wasn't able to find it with a quick search.
Perry
--
Perry E. Metzgerpe...@piermont.com
the
scope of the list. There are a bunch of google people on the mailing
list, perhaps one or more of them might want to contact Lucky in
private and see if they can help him with his question.
Perry
--
Perry E. Metzgerpe...@piermont.com
On Wed, 4 Sep 2013 10:37:12 -0400 Perry E. Metzger
pe...@piermont.com wrote:
Phil Karn described a construction for turning any hash function
into the core of a Feistel cipher in 1991. So far as I can tell,
such ciphers are actually quite secure, though impractically slow.
Pointers to his
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
that factoring and discrete logs
over the integers aren't as hard as people had thought.
Not at all, and the rationale is public and seen above.
I believe you're incorrectly claiming that we know much less than we
actually do here.
Perry
--
Perry E. Metzgerpe...@piermont.com
On Mon, 2 Sep 2013 19:53:03 +0200 Faré fah...@gmail.com wrote:
On Mon, Sep 2, 2013 at 7:19 PM, Perry E. Metzger
pe...@piermont.com wrote:
On Mon, 2 Sep 2013 03:00:42 +0200 Faré fah...@gmail.com wrote:
At intervals, the trustworthy organization (and others like
it) can send out email
On Mon, 2 Sep 2013 15:09:31 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote:
On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter
leich...@lrw.com wrote:
- To let's look at what they want for TOP SECRET. First off,
RSA - accepted
with strong typing to be preserved in the delivered machine code in
the first place.)
I leave speculation to pundits, and prefer to write code and design
protocols.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
are something you can actually do something about.)
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
, proof
carrying code, microkernels, hardware assists, formal verification...
in the hopes that the mumbling might set some minds thinking.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography
speculation on
the basis of no actual concrete information isn't that productive.
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com
wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that the USG likes using it, too.
That's also evidence for eliptic curve techniques btw.
Perry
--
Perry E. Metzgerpe
On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
leich...@lrw.com wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact
have non-technical friends who use it and are totally
happy with the results. I wish there was an automated thing in Time
Machine to let me trade backups with an offsite friend as well.
Perry
--
Perry E. Metzgerpe...@piermont.com
On Thu, 29 Aug 2013 01:18:59 +1000 (EST) Dave Horsfall
d...@horsfall.org wrote:
On Wed, 28 Aug 2013, Perry E. Metzger wrote:
Anyway, I've already started implementing my proposed solution to
that part of the problem. There is still a need for a distributed
database to handle the lookup
On Wed, 28 Aug 2013 10:43:24 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter
leich...@lrw.com wrote:
It's not as if this isn't a design we have that we know works:
DNS.
Read what I said
it
be nice to make some progress in the other direction?
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
understand why people would want to do
it that way. It is not, however, practical if one wants to deploy in
months and not decades, and it makes trust entirely hierarchical.
Perry
--
Perry E. Metzgerpe...@piermont.com
in the first of my three messages on my proposed new
model -- it also happens to handle revocation reasonably well
(though imperfectly).
Perry
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http
1 - 100 of 623 matches
Mail list logo