Found at:
http://www.nytimes.com/2007/02/05/technology/05secure.html?ex=1328331600en=295ec5d0994b0755ei=5090partner=rssuserlandemc=rss
To quote from the above:
The idea is that if customers do not see their [preselected] image, they
On Sep 30, 2013, at 9:01 PM, d.nix d@comcast.net wrote:
It's also worth pointing out that common browser ad blocking / script
blocking / and site redirection add-ons and plugins (NoScript,
AdBlockPlus, Ghostery, etc...) can interfere with the identification
image display. My bank uses
Bill said he wanted a piece of paper that could help verify his bank's
certificate. I claimed he's in the extreme minority who would do that and he
asked for proof.
I can only, vaguely, recall that one of the East Coast big banks (or perhaps
the only one that is left) at one point had a
I think, if we are about redesigning and avoiding the failures of the
past, we have to unravel the false assumptions of the past...
On 20/09/13 01:21 AM, Phillip Hallam-Baker wrote:
...
Bear in mind that securing financial transactions is exactly what we
designed the WebPKI to do and it
On Sep 19, 2013, at 5:21 PM, Phillip Hallam-Baker hal...@gmail.com wrote:
Criminals circumvent the WebPKI rather than trying to defeat it. If they did
start breaking the WebPKI then we can change it and do something different.
If criminals circumvent the PKI to steal credit card numbers,
On Thu, Sep 19, 2013 at 4:15 PM, Ben Laurie b...@links.org wrote:
On 18 September 2013 21:47, Viktor Dukhovni cryptogra...@dukhovni.org wrote:
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will
On Thu, Sep 19, 2013 at 5:11 PM, Max Kington mking...@webhanger.com wrote:
On 19 Sep 2013 19:11, Bill Frantz fra...@pwpconsult.com wrote:
On 9/19/13 at 5:26 AM, rs...@akamai.com (Salz, Rich) wrote:
I know I would be a lot more comfortable with a way to check the mail
against a piece of
Salz, Rich writes:
I would say this puts you in the sub 1% of the populace. Most
people want to do things online because it is much easier and gets
rid of paper. Those are the systems we need to secure. Perhaps
another way to look at it: how can we make out-of-band verification
I know I would be a lot more comfortable with a way to check the mail against
a piece of paper I received directly from my bank.
I would say this puts you in the sub 1% of the populace. Most people want to
do things online because it is much easier and gets rid of paper. Those are
the
On Wed, Sep 18, 2013 at 08:47:17PM +, Viktor Dukhovni wrote:
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be realistic for SMTP next year (provided
DNSSEC gets off the ground)
Hi John,
(I think we are in agreement here, there was just one point below where
I didn't make myself clear.)
On 18/09/13 23:45 PM, John Kemp wrote:
On Sep 18, 2013, at 4:05 AM, ianG i...@iang.org wrote:
On 17/09/13 23:52 PM, John Kemp wrote:
On Sep 17, 2013, at 2:43 PM, Phillip
On 9/19/13 at 5:26 AM, rs...@akamai.com (Salz, Rich) wrote:
I know I would be a lot more comfortable with a way to check the mail against a
piece of paper I
received directly from my bank.
I would say this puts you in the sub 1% of the populace. Most
people want to do things online because
On 9/18/13 5:50 PM, Viktor Dukhovni cryptogra...@dukhovni.org wrote:
On Wed, Sep 18, 2013 at 08:47:17PM +, Viktor Dukhovni wrote:
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be
On 19 Sep 2013 19:11, Bill Frantz fra...@pwpconsult.com wrote:
On 9/19/13 at 5:26 AM, rs...@akamai.com (Salz, Rich) wrote:
I know I would be a lot more comfortable with a way to check the mail
against a piece of paper I
received directly from my bank.
I would say this puts you in the sub
Given that many real organizations have hundreds of front end
machines sharing RSA private keys, theft of RSA keys may very well be
much easier in many cases than broader forms of sabotage.
Or we could make it easy to have one separate RSA key per front end, signed
using the main RSA key of
On Tue, Sep 17, 2013 at 11:48:40PM -0700, Christian Huitema wrote:
Given that many real organizations have hundreds of front end
machines sharing RSA private keys, theft of RSA keys may very well be
much easier in many cases than broader forms of sabotage.
Or we could make it easy to
Another consideration is that the NSA isn't the only bad actor out
there. Improving the robustness of TLS and other security protocols will
defend against other attacks.
___
The cryptography mailing list
cryptography@metzdowd.com
A few clarifications
1) PRISM-Proof is a marketing term
I have not spent a great deal of time looking at the exact capabilities of
PRISM vs the other programs involved because from a design point they are
irrelevant. The objective is to harden/protect the infrastructure from any
ubiquitous,
On 17/09/13 23:52 PM, John Kemp wrote:
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker hal...@gmail.com
I am sure there are other ways to increase the work factor.
I think that increasing the work factor would often result in
switching the kind of work performed to that which is easier
On 18 September 2013 15:30, Viktor Dukhovni cryptogra...@dukhovni.org wrote:
On Tue, Sep 17, 2013 at 11:48:40PM -0700, Christian Huitema wrote:
Given that many real organizations have hundreds of front end
machines sharing RSA private keys, theft of RSA keys may very well be
much easier
On 9/18/13 at 6:08 AM, hal...@gmail.com (Phillip Hallam-Baker) wrote:
If I am trying to work out if an email was really sent by my bank then I
want a CA type security model because less than 0.1% of customers are ever
going to understand a PGP type web of trust for that particular purpose.
But
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be realistic for SMTP next year (provided
DNSSEC gets off the ground) with the release of Postfix 2.11, and
with luck also a DANE-capable
On Sep 18, 2013, at 4:05 AM, ianG i...@iang.org wrote:
On 17/09/13 23:52 PM, John Kemp wrote:
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker hal...@gmail.com
I am sure there are other ways to increase the work factor.
I think that increasing the work factor would often result in
On Wed, Sep 18, 2013 at 08:47:17PM +, Viktor Dukhovni wrote:
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be realistic for SMTP next year (provided
DNSSEC gets off the ground)
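The DANE TLSA snippets above (certificate usage 2 or 3) and the earlier suggestion of one key per front end signed by the organisation's main key fit together, so here is one added example covering both. It is not code from the thread, from Postfix, or from any DANE implementation; it generates its own certificates in-process with P-256 keys rather than the RSA keys the thread discusses, uses constructed hostnames (`mx-ca.example.com`, `mx1.example.com`, `mx2.example.com`), performs no DNS lookup at all (a real client fetches the `_25._tcp.<mx>` TLSA record over DNSSEC), and leaves out the SHA-512 matching type and usages 0 and 1. `DaneMatch`, `NewTLSA`, `assoc` and `MakeCert` are names chosen for this example; the DANE-TA path reuses Go's standard chain builder with the pinned certificate as the only root.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TLSA mirrors the RFC 6698 RDATA: usage, selector, matching type, association data.
type TLSA struct {
	Usage, Selector, MatchingType uint8
	Data                          []byte
}

func (r TLSA) String() string { // DNS presentation format, e.g. "3 1 1 <hex>"
	return fmt.Sprintf("%d %d %d %s", r.Usage, r.Selector, r.MatchingType, hex.EncodeToString(r.Data))
}

// assoc derives association data: selector 0 = full DER cert, 1 = SPKI;
// matching type 0 = raw bytes, 1 = SHA-256 (type 2, SHA-512, is omitted here).
func assoc(cert *x509.Certificate, selector, mt uint8) []byte {
	b := cert.Raw
	if selector == 1 {
		b = cert.RawSubjectPublicKeyInfo
	}
	if mt == 1 {
		sum := sha256.Sum256(b)
		return sum[:]
	}
	return b
}

func NewTLSA(cert *x509.Certificate, usage, selector, mt uint8) TLSA { // record an operator would publish
	return TLSA{usage, selector, mt, assoc(cert, selector, mt)}
}

// DaneMatch validates a chain (leaf first) against one record. Usage 3 (DANE-EE) pins
// the leaf itself with no chain, name or expiry check; usage 2 (DANE-TA) pins an issuer
// in the chain that must then validate the leaf as trust anchor. Usages 0/1 not handled.
func DaneMatch(chain []*x509.Certificate, rr TLSA) bool {
	switch rr.Usage {
	case 3:
		return len(chain) > 0 && bytes.Equal(assoc(chain[0], rr.Selector, rr.MatchingType), rr.Data)
	case 2:
		for i := 1; i < len(chain); i++ {
			if !bytes.Equal(assoc(chain[i], rr.Selector, rr.MatchingType), rr.Data) {
				continue
			}
			roots, inter := x509.NewCertPool(), x509.NewCertPool()
			roots.AddCert(chain[i])
			for _, c := range chain[1:i] {
				inter.AddCert(c)
			}
			_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
			return err == nil
		}
	}
	return false
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// MakeCert issues a P-256 certificate for cn, self-signed when parent is nil.
// Names and certificates are constructed for this example only.
func MakeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, DNSNames: []string{cn},
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	cert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))))
	return cert, key
}

func main() {
	ca, caKey := MakeCert("mx-ca.example.com", true, nil, nil) // one org key, one key per front end
	mx1, _ := MakeCert("mx1.example.com", false, ca, caKey)
	mx2, _ := MakeCert("mx2.example.com", false, ca, caKey)
	ta, ee := NewTLSA(ca, 2, 0, 1), NewTLSA(mx1, 3, 1, 1)
	fmt.Println("_25._tcp.mx1.example.com. IN TLSA", ta, "\n_25._tcp.mx1.example.com. IN TLSA", ee)
	fmt.Println(DaneMatch([]*x509.Certificate{mx1, ca}, ta), DaneMatch([]*x509.Certificate{mx2, ca}, ta), DaneMatch([]*x509.Certificate{mx2}, ee)) // true true false
}
```

The two usages make different operational trade-offs. With usage 2 the published record pins the organisation's own signing certificate, so every front end can carry its own key and a stolen or reissued front-end key changes nothing in DNS. With usage 3 the record pins one front end's key directly, so each key rotation is also a DNS change, but the client needs no chain at all.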
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker hal...@gmail.com wrote:
My phrase PRISM-Proofing seems to have created some interest in the press.
PRISM-Hardening might be more important, especially in the short term. The
objective of PRISM-hardening is not to prevent an attack
On Tue, 17 Sep 2013 16:52:26 -0400 John Kemp j...@jkemp.net wrote:
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker
hal...@gmail.com wrote:
The objective of PRISM-hardening is not to prevent an
attack absolutely, it is to increase the work factor for the
attacker attempting ubiquitous
On Tue, Sep 17, 2013 at 05:01:12PM -0400, Perry E. Metzger wrote:
(Note that this assumes no cryptographic breakthroughs like doing
discrete logs over prime fields easily or (completely theoretical
since we don't really know how to do it) sabotage of the elliptic
curve system in use.)
27 matches