also sprach Peter Gutmann [EMAIL PROTECTED] [2004.06.03.1014 +0200]:
One-time passwords (TANs) was another thing I covered in the Why
isn't the Internet secure yet, dammit! talk I mentioned here
a few days ago. From talking to assorted (non-European) banks,
I haven't been able to find any
also sprach Russell Nelson [EMAIL PROTECTED] [2004.05.30.0515 +0200]:
- The infrastructure is not there. Two standards compete for
email cryptography, and both need an infrastructure to back
Two standards? DomainKeys and what else?
I meant PGP and S/MIME
also sprach Ed Gerck [EMAIL PROTECTED] [2004.05.28.1853 +0200]:
It's industry support. We know what it means: multiple,
conflicting approaches, slow, fragmented adoption -- will not
work. It would be better if the solution does NOT need industry
support at all, only user support. It should use
- Forwarded message from Lucky Green [EMAIL PROTECTED] -
I spent the last few months working at PGP on a nifty new solution to an
old problem: how to get email encryption deployed more widely without
requiring user education.
Since ideas for solving this problem have been
it came up lately in a discussion, and I couldn't put a name to it:
a means to use symmetric crypto without exchanging keys:
- Alice encrypts M with key A and sends it to Bob
- Bob encrypts A(M) with key B and sends it to Alice
- Alice decrypts B(A(M)) with key A, leaving B(M), sends it to
also sprach R. A. Hettinga [EMAIL PROTECTED] [2003.10.13.0639 +0200]:
The time to stop this nonsense is now, and there's a non-governmental,
low-cost, low-effort way it could happen. Here's my plan of action, it's
not original to me but I want to lay it out publicly as a battle plan:
also sprach Ian Grigg [EMAIL PROTECTED] [2003.09.25.2253 +0200]:
I wouldn't put all of the blame on Microsoft, Schneier said,
the problem is the monoculture.
On the face of it, this is being too kind and not striking at the
core of Microsoft's insecure OS. For example, viruses are almost
and the general hype about quantum cryptography, I am bugged by
a question that I can't really solve. I understand the quantum
theory and how it makes it impossible for two parties to read the
same stream. However,
also sprach David Wagner [EMAIL PROTECTED] [2003.09.13.2306 +0200]:
You're absolutely right. Quantum cryptography *assumes* that you
have an authentic, untamperable channel between sender and
receiver. The standard quantum key-exchange protocols are only
applicable when there is some other
also sprach C. Wegrzyn [EMAIL PROTECTED] [2003.07.08.2324 +0200]:
This is the same approach used in the Authentica system but it is
deployed in an enterprise environment.
Sure, but this doesn't make it any more secure. I only know very
little about Authentica, but it also doesn't strike my
also sprach Arnold G. Reinhold [EMAIL PROTECTED] [2003.06.29.0424 +0200]:
I am not sure I understand. How does this relate to my question?
Where does the other factor come from?
I got the impression, and maybe I misunderstood, that you were
viewing a product of two primes aA, where a was
The Check Point Firewall-1 Docs insist, that the public keys be used
for p and g for the Oakley key exchange. I ask you: is this
- which of the two pubkeys will be p, which g?
- are they both always primes?
- are they both always suitable generators mod p?
It just seems to me
As far as I can tell, IPsec's ESP has the functionality of
authentication and integrity built in:
2.7 Authentication Data
The Authentication Data is a variable-length field containing an
Integrity Check Value (ICV) computed over the ESP packet minus
also sprach David Shaw [EMAIL PROTECTED] [2003.06.18.0240 +0200]:
The problem is that the PKS keyserver was not written to handle keys
with multiple subkeys.
Thanks for the explanation. I didn't know about subkeys.pgp.net yet.
Moreover, I second the belief that the keyservers must be
I just ran across
but there are many more sites like that:
Secure multiple websites with a single PremiumSSL Certificate. For
organisations hosting a single domain name but with different
also sprach Stefan Kelm [EMAIL PROTECTED] [2003.06.16.1652 +0200]:
Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm
the owner of that domain). I could then set up an SSL server with a
hostname of something like
Mail list logo