Danilo Gligoroski danilo.gligoro...@gmail.com wrote:
1. Indeed these discussions among the security community
2. Eventually some contacts with journalists will help the cause (one live
demonstration on some security/crypto conference like Usenix, Black Hat,
Crypto, ... will do the job).
3. I
On Thu, May 23, 2013 at 09:38:18AM +0200, David Adamson wrote:
Danilo Gligoroski danilo.gligoro...@gmail.com wrote:
1. Indeed these discussions among the security community
2. Eventually some contacts with journalists will help the cause (one live
demonstration on some security/crypto
Dear all,
is anyone of you aware of a (preferably open source) tool that keeps a
database of certificates and sends e-mail reminders about the impending
expiry (and hence the probable necessity of a renewal) to configurable
e-mail address of the respective responsible person?
Regards,
Dear Hans-Joachim,
Oddly, there is in fact one, which “suddenly” appeared on my servers and
which is nagging me currently about a soon-to-expire certificate. It
sends out daily mails to root@host.domain with detailed information.
It's called certwatch and is at least shipped with Fedora. It can
A generic solution is any kind of scheduler/calendar/reminder, right? Or
what kind of tool do you imagine, and how is that specific to crypto?
On 23.05.2013 16:05, Hans-Joachim Knobloch wrote:
Dear all,
is anyone of you aware of a (preferably open source) tool that keeps a
database of
Also be aware of the caveat that if you have a VIP with SSL termination
behind it (i.e. on the hosts) and the CN points to the VIP you will be
hitting only one of the many servers when doing verification. Same story
with geo load balancing.
It gets worse with active-passive deployments since you
On Mon, May 20, 2013 at 1:50 PM, Mark Seiden m...@seiden.com wrote:
On May 20, 2013, at 1:18 PM, Nico Williams n...@cryptonector.com wrote:
Corporations are privacy freaks. I've worked or consulted for a
number of corporations that were/are extremely concerned about data
exfiltration.
this
Jitsi is XMPP or SIP. For the text-part, they have built-in support for
OTR. Otherwise, there is no end-to-end secrecy as far as I know.
For voicecalls, they have something similar, with some shared-secret
verification which is validated using the text-channel, which is best
secured with OTR I
They have implemented ZRTP for end to end security. It works with a
Diffie-Hellman key exchange, while protecting against man-in-the-middle
attackers by comparing Short Authentication Strings (SAS). When you know
the voice of the other person you can exclude Eve.
see
can someone give a few lines of explanation on how the Retained shared
Secret (RS) is used in ZRTP?
second, is it possible for an attacker to force an RS validation error
(e.g. simulating network connection error by having a router drop
packets) and then MiTM the DH handshake?
the SAS is only 4
About the SAS:
ZRTP uses a so-called Hash Commitment with traditional Hashes before
generating SAS values for voice comparison.
See http://zfone.com/docs/ietf/rfc6189bis.html#HashCommit
The use of hash commitment in the DH exchange constrains the
On 2013-05-23 17:47:13 +0200 (+0200), Hans-Joachim Knobloch wrote:
[...]
Maybe I would even start a project to develop such a tool. But why start
coding if there already is a =80% solution to the problem? Hence my
request.
[...]
Did this for years with Nagios (formerly Netsaint), using the
On 2013-05-23 3:28 AM, Florian Weimer wrote:
* Adam Back:
If you want to claim otherwise we're gonna need some evidence.
https://login.skype.com/account/password-reset-request
This is impossible to implement with any real end-to-end security.
Skype's claim was that it was end to end,