Re: [cryptography] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Peter Gutmann
[Responding to the same three lists as before, please trim followups if you feel it's off-topic] In response to my earlier "OCSP is unfixably broken, by design" comments, a couple of people have responded off-list with variants of "OK smartypants, how would you do it better?". In order to provid

Re: [cryptography] Fwd: Comodo hacker: I hacked DigiNotar too; other CAs breached

2011-09-06 Thread Jeffrey Walton
On Tue, Sep 6, 2011 at 5:56 PM, David Koontz wrote: > > > http://arstechnica.com/security/news/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached.ars :: "As with the statements issued after the Comodo hack, the DigiNotar statement was clear about one thing: the sophistication of the

[cryptography] Fwd: Comodo hacker: I hacked DigiNotar too; other CAs breached

2011-09-06 Thread David Koontz
http://arstechnica.com/security/news/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached.ars The Comodo Hack mentioned in the DigiNotar Interim Report ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailm

Re: [cryptography] Diginotar Lessons Learned (long)

2011-09-06 Thread Fredrik Henbjork
On 2011-09-06, at 23:10 , Lucky Green wrote: > I can't help but chuckle about Diginotar's very public display of > security incompetence. I mean, who in our line of work can be expected > to keep a straight face when reading gems such as this one taken from > the report by Diginotar's incidence re

[cryptography] Diginotar Lessons Learned (long)

2011-09-06 Thread Lucky Green
I can't help but chuckle about Diginotar's very public display of security incompetence. I mean, who in our line of work can be expected to keep a straight face when reading gems such as this one taken from the report by Diginotar's incidence response rapporteur: "The separation of critical compon

Re: [cryptography] [SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Ian G
On 7/09/11 3:03 AM, Gervase Markham wrote: 2) the lack of CA advertising in the chrome. This is an old argument, and my position remains: Yes, and yes :) there is no way we are ever going to get average users to pay attention to CA branding, I've watched TV so I know what an advert is ;)

Re: [cryptography] [SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Ian G
On 5/09/11 7:23 PM, Gervase Markham wrote: Hi Peter, On 04/09/11 07:15, Peter Gutmann wrote: Blacklist-based validity checking, the Second Dumbest Idea in Computer Security (Marcus Ranum), doesn't work: Diginotar issued certs for which there was no record of issuance, therefore they coul

Re: [cryptography] [SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Ian G
On 6/09/11 1:07 PM, Peter Gutmann wrote: This is true, but I'm not sure it's particularly relevant. (Who claims that HSMs are magic pixie dust?) CAs, when they issue a press release saying "everything's OK, we never lost control of our private key"? Some European countries also seem to have a

Re: [cryptography] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread lodewijk andré de la porte
The article itself is English (to my surprise, honestly) but if there's any peripheral information you'd like to have translation of, I'm natively Dutch and wouldn't mind helping out. Practically all Dutch government websites of any significance have a Diginotar certificate. The government is stal

Re: [cryptography] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Peter Gutmann
"Kevin W. Wall" writes: >I don't read Dutch(?), but seems to have been pulled down. I saw it >yesterday. Was hoping to share it w/ some of my colleagues. It was updated after it was posted. >Do you have alternate URL? The current link from the reports page is: http://www.rijksoverheid.nl/docu

Re: [cryptography] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Kevin W. Wall
On Mon, Sep 5, 2011 at 9:29 PM, Marsh Ray wrote: > > Preliminary report on-line: > >> >> http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2011/09/05/fox-it-operation-black-tulip.html I don't read Dutch(?), but seems to have been pulled down. I saw it yesterday. Was hoping to share