Peter Saint-Andre writes:
>No one uses XEP-0027 these days, they all use OTR. The PGP integration with
>XMPP clients was an early experiment in the Jabber community before we even
>called it XMPP. Think 13+ years ago. But clients never signed empty strings,
>although we never fixed the spec becau
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 3/4/13 4:42 PM, Peter Gutmann wrote:
> Quoting http://xmpp.org/extensions/xep-0027.html#signing:
>
> Signing enables a sender to verify that they sent a certain block
> of text. [...] The text that is signed MAY be the empty string.
>
> (There's n
Hi,
strife asked:
#Can anyone enlighten me why client TLS certificates are used so rarely? It
#used to be a hassle in the past, but now at least the major browsers offer
#quite decent client cert support,
Not quite seeing eye-to-eye with you on the "quite decent client cert
support" point, I'm
Quoting http://xmpp.org/extensions/xep-0027.html#signing:
Signing enables a sender to verify that they sent a certain block of text.
[...] The text that is signed MAY be the empty string.
(There's no metadata or anything there, just a raw signature).
Peter.
__
On Sun, Mar 3, 2013 at 11:22 PM, wrote:
> Hi,
>
> Can anyone enlighten me why client TLS certificates are used so rarely? It
> used to be a hassle in the past, but now at least the major browsers offer
> quite decent client cert support, and seeing how most people struggle with
> passwords, I don
On 03/04/2013 11:15 PM, Open eSignForms wrote:
Step 10 will make it impossible for your mom. ;-)
10. You write your message, sign it with your private key, encrypt
it with your public key and deliver the ciphertext to
https://guidos-secure-mail.com/deliver?to=StealthMongersMom&ciph
On Mon, Mar 4, 2013 at 12:31 PM, Jeffrey Walton wrote:
> Actually, it's not too far-fetched. In the mobile arena, I see a number
> of in-house browser based apps that can be side-loaded or distributed
> through a private or enterprise application store. When using these
> distribution channels, scr
On Mon, Mar 4, 2013 at 3:10 PM, Peter Thoenen wrote:
> I'm catching up on this but it's a pretty easy answer.
>
>> Say you've implemented a bunch of crypto on your web page via Javascript.
>
> And this is where you went wrong. Don't implement crypto (or anything of
> import) client side period (
I'm catching up on this but it's a pretty easy answer.
> Say you've implemented a bunch of crypto on your web page via Javascript.
And this is where you went wrong. Don't implement crypto (or anything of
import) client side period (if we are talking web based javascript stuff here).
-Peter
__
On 03/04/2013 06:10 PM, StealthMonger wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
Peter Gutmann writes:
... sit behind her with your arms crossed so you can't point to
anything or type stuff out for her, and walk her through the process
of acquiring and using one without leaving
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter Gutmann writes:
> writes:
>>Can anyone enlighten me why client TLS certificates are used so
>>rarely? It used to be a hassle in the past
> They're still a huge pain to work with, and probably always will be.
> If you don't believe me, go to
With respect to:
>...
> - repudiation: there is no way to deny writing a message; leading to self
> censoring.
>
> In other words, everything I sign with my Thawte client certificate is
> tied to my identity *for life*. That's why I don't use that thing. In
> fact, I've long since lost the priva
On 03/04/2013 08:22 AM, str...@riseup.net wrote:
Hi,
Can anyone enlighten me why client TLS certificates are used so rarely? It
used to be a hassle in the past, but now at least the major browsers offer
quite decent client cert support, and seeing how most people struggle with
passwords, I don't
writes:
>Can anyone enlighten me why client TLS certificates are used so rarely? It
>used to be a hassle in the past
They're still a huge pain to work with, and probably always will be. If you
don't believe me, go to your mother, sit her in front of a computer, sit
behind her with your arms cro
Jon Callas writes:
>(Personally, I don't like GCM. I think it's too tetchy. But I'm pretty blase
>about PKCS#1, because I'm used to poring over it to make sure it's done
>right.)
Same here. GCM combines the scariest features of CTR mode (it's RC4 all over
again, apart from SSL people have man
On 4/03/13 10:22 AM, str...@riseup.net wrote:
Hi,
Can anyone enlighten me why client TLS certificates are used so rarely?
My thoughts only, not authoritative.
The big answer today is momentum, I would say.
In the past, I would say that forces were deployed against TLS
certificates. The CA