Most private keys are issued by, not merely certified by, the CAs.
If issued by, not private. Chances are the controlling authority also
gets a copy of that private key.
To install your keys on your https server is painful, despite numerous
people assuring me it is easy, and involves
Thanks for this pointer which leads to Schneier's two reports
in the Guardian about cooperating with Greenwald.
As head of BT security it is hard to believe that Schneier did not
know about BT's covert cooperation with GCHQ and NSA.
His NDA with BT would likely prevent disclosing that knowledge
Hello all,
I've written two new blog entries on eccentric authentication. The
protocol that uses client certificates and a local CA to distribute
public keys between strangers in a secure way.
Please read in this order:
On Thu, Sep 05, 2013 at 10:47:10AM -0700, coderman wrote:
of all the no such agency disclosures, this one fuels the most wild
speculation.
It is reported that the journalists deliberately withheld details
which are available in Snowden's original documents. Somebody
better leak these, fast.
You're right.
http://cpunks.wordpress.com/2013/09/06/how-to-remain-secure-against-surveillance-a-practical-guide/
--Michael
06.09.2013 11:01 Eugen Leitl eu...@leitl.org:
On Thu, Sep 05, 2013 at 10:47:10AM -0700, coderman wrote:
of all the no such agency disclosures, this one fuels the most
An understated response to the NSA and unidentifed friends treachery:
http://blog.cryptographyengineering.com/2013/09/on-nsa.html
More of these expected, many. But who knows, as Green says,
all could go back to swell comsec business as usual.
___
12 January 2012. FBI OpenBSD Backdoors and RSA Cipher Vulnerability:
http://cryptome.org/2012/01/0032.htmhttp://cryptome.org/2012/01/0032.htm ___
cryptography mailing list
cryptography@randombit.net
- Forwarded message from arxlight arxli...@arx.li -
Date: Fri, 06 Sep 2013 00:46:15 +0200
From: arxlight arxli...@arx.li
To: cryptogra...@metzdowd.com
Subject: Re: [Cryptography] Opening Discussion: Speculation on BULLRUN
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0)
On 9/6/13, John Young j...@pipeline.com wrote:
An understated response to the NSA and unidentifed friends treachery:
http://blog.cryptographyengineering.com/2013/09/on-nsa.html
More of these expected, many. But who knows, as Green says,
all could go back to swell comsec business as usual.
2013/9/6 ianG i...@iang.org
Hmmm, curious. I haven't seen that. I would also suspect it breaks a lot
of CPSs and user agreements. But no matter, they're all broken anyway.
A 'user agreement' is an agreement between a company and a 'user'. All
claims in it shall hold valid unless law
On Fri, Sep 6, 2013 at 7:27 PM, Jeffrey Walton noloa...@gmail.com wrote:
I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES with an authenticated encryption
mode (or CBC mode with {HMAC|CMAC}).
My own very subjective opinion is that
On Fri, Sep 6, 2013 at 8:53 PM, Natanael natanae...@gmail.com wrote:
http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
Apparently it's called cascade encryption or cascade encipherment,
and the implementations are apparently called robust combiners. And
by the way,
On Fri, Sep 6, 2013 at 8:05 PM, Jeffrey Walton noloa...@gmail.com wrote:
I'm more worried about key exchange or agreement.
The list of things to get right is long. The hardest is getting the
implementation right -- don't do all that work just to succumb to a
remotely exploitable buffer
On 2013-09-06 11:58 PM, Ralph Holz wrote:
I'd be surprised if a majority of CAs
insisted on generating the key for you.
No one insists, as far as I know. The problem is that idiocy is
possible and permissible, not that it is mandatory.
___
14 matches
Mail list logo