2014-12-17 21:41 GMT+01:00 Jeffrey Walton :
>
> Has anyone come across any reports of abuse due to Sony's compromised
> root? I believe it's named "Sony Corp. CA 2 Root"?
>
> I did not find it in the Windows 8.1 certificate store. Are any of the
> browsers carrying it around?
>
Since Vista, you'll
2013/10/4 Paul Wouters
> [...]
> People forget the NSA has two faces. One side is good. NIST and FIPS
> and NSA are all related. One lesson here might be, only use FIPS when
> the USG requires it. That said, a lot of FIPS still makes sense. I'm
> surely not going to stick with md5 or sha1.
>
>
W
The serial number you find in the subject of an EV certificate is the
registration number of the company (Paypal Inc, in Delaware). There's
absolutely no problem in having different certificates with this repeating
serial number (in the subject), as long as they are delivered to the right
company.
Even with only perfect public CAs that do not issue certificates for
unapproved namespaces, the problem persists.
A company can have a private namespace (TLD) for its internal use, and a
private CA, trusted by its employees. The mail server would have a name in
this private namespace, with a certi
2013/1/5 Ryan Hurst
> I've been unable to find a screenshot but this FAQ does suggest that there
> is an explicit action required to enable HTTPS inspection:
> https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65123
>
>
I don't see anythin
2012/10/26 John Case :
[...]
> And the hackernews discussion led me to "OpenSSL is written by monkeys":
>
> http://www.peereboom.us/assl/assl/html/openssl.html
>
> So, given what is in the stanford report and then reading this rant about
> openssl, I am wondering just how bad openssl is ? I've nev
Getting random out of spoofable radio signals? Good idea.
2012/10/12 Eugen Leitl :
> - Forwarded message from "Naslund, Steve" -
>
> From: "Naslund, Steve"
> Date: Thu, 11 Oct 2012 23:27:56 -0500
> To: na...@nanog.org
> Subject: RE: best way to create entropy?
>
> I know that a popular m
2012/7/2 Thor Lancelot Simon
> [...]
> Besides PGP, what other standard, widely-deployed protocols require the
> use of padding types other than OAEP?
>
TLS, up to v1.2. PKCS#1v1.5 is mandatory.
--
Erwann.
2012/6/11 Ben Laurie
> On Mon, Jun 11, 2012 at 1:56 AM, Nico Williams
> wrote:
> > On Sun, Jun 10, 2012 at 3:03 PM, Florian Weimer
> wrote:
> >> * Marsh Ray:
> >>
> >>> Marc Stevens and B.M.M. de Weger (of
> >>> http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
> >>> collision
2012/6/5 Marsh Ray
> [...]
>
> An excerpt:
> "That’s right, every single enterprise user of Microsoft Terminal Services
> on the planet had a CA key that could issue as many code signing
> certificates they wanted and for any name they wanted."
>
> It sounds as if Windows users might have a milli
It's also not clear about what could have been done with TS certificates.
Is it only codesigning, or TLS server as well?
--
Erwann.
On 4 June 2012 09:57, "Marsh Ray" wrote:
>
> In case it's not clear from the filenames (e.g. the email system drops
> them) there were three certs revoked. These a