Guys, are you trying to kill this list as well?
Can you, please, move this discussion to the sci-fi or theory of conspiracy
_forums_.
Before posting here, please, consider how relevant the discussion is to
Cryptography and how many people will have to read through your insanely
smart comments.
This _was_ a good quality very high signal to noise ratio list but over the
past 3 months had turned into a very noisy, full of social chatter one.
I am thinking there is a way to combine the best of both worlds by moving
the social element to a forum and keep the legit content on the mailing
To: James, just with the scope of large/small cookies.
The problem is that if your cookie is a single number and you have multiple
frontends able to process the request (and you are load balancing) you need
to have those share state in which might not make sense (esp. if you have
geo-distributed
Also be aware of the caveat that if you have a VIP with SSL termination
behind it (i.e. on the hosts) and the CN points to the VIP you will be
hitting only one of the many servers when doing verification. Same story
with geo load balancing.
It gets worse with active-passive deployments since you
To the best of my knowledge in Russia (no, I'm not Russian nor have lived
there so I'm not 100% sure) you need to submit a copy of the private key if
you are operating a website providing encryption on their territory to
allow for legal intercept.
They also have other provisions about wiretapping
The way I read it is something much simpler than attacking the
encryption - it seams to be about operational procedures security.
Think if somebody mis-configures something on the first layer you
still have the second layer. Now if you add two separate teams
managing each layer then you have a
While I'm not a lawyer and my opinion is in noway authoritive I do not
believe there is any violation. They ay be an accessory to a potential
crime but they themselves did not do the tapping.
Now on the other hand those companies that did the tapping should be
OK for as long as they are clear
monitor you for X activity.
Best,
Krassimir
On Sun, Feb 12, 2012 at 3:09 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, Feb 12, 2012 at 5:43 AM, Krassimir Tzvetanov
mailli...@krassi.biz wrote:
While I'm not a lawyer and my opinion is in noway authoritive I do not
believe there is any