Paul Hoffman paul.hoff...@vpnc.org writes:
We don't all observe that. Some of us observe a third, more likely
approach: nothing significant happens due to this event. The collapse of
faith is only among the security folks whose faith was never there in the
first place. A week after the event, who
Peter Gutmann pgut...@cs.auckland.ac.nz commented:
#[0] I'm being conservative here, in practice I don't recall seeing anyone
#expressing faith in PKI, but I didn't read every one of the vast numbers
#of comments.
Well, I'd suggest that NIST 800-63
On Sep 12, 2011, at 2:02 AM, Ian G wrote:
(There are likely some Googlers on this list who can speak authoritatively
on whether their management are scared as hell or even noticing.)
Googlers are unlikely to do so. Google has a firm rule about not discussing
business outside the company.
On 2011-09-13 5:22 AM, Peter Gutmann wrote:
Some years ago I predicted that it'd take an Enron-scale catastrophe to
finally get browser security fixed.
Note that Enron led to Sarbanes Oxley, which mandated a mighty
bureaucracy to do even more of what accountants had been doing before Enron.