Re: [cryptography] factoring challenge no more?

2011-10-18 Thread ianG
On 19/10/11 01:51 AM, Paul Hoffman wrote: On Oct 18, 2011, at 4:10 AM, ianG wrote: Another meta question: I seem to have missed the news that RSA has stopped their factoring challenge in 2007! http://en.wikipedia.org/wiki/RSA_Factoring_Challenge Has anything replaced it? This is a great

Re: [cryptography] factoring challenge no more?

2011-10-18 Thread ianG
On 19/10/11 02:42 AM, Paul Hoffman wrote: On Oct 18, 2011, at 8:24 AM, ianG wrote: On 19/10/11 01:51 AM, Paul Hoffman wrote: On Oct 18, 2011, at 4:10 AM, ianG wrote: Another meta question: I seem to have missed the news that RSA has stopped their factoring challenge in 2007! http

Re: [cryptography] PFS questions (was SSL *was* broken by design)

2011-10-05 Thread ianG
. The business has been declared a legal munition since forever, and the NSA's cute trick has been turned on its own flock. Whaddya guys need? A declaration of war? The name of this syndrome is called being locked in one's own OODA loop. C.f., John Boyd. iang

Re: [cryptography] SSL *was* broken by design

2011-10-03 Thread ianG
On 1/10/11 22:11 PM, William Allen Simpson wrote: I started reading this thread, and then left it alone, and am catching up. It's hard to know where to start, so changing the subject a little. :) On 9/20/11 12:51 PM, ianG wrote: On 20/09/11 01:53 AM, Andy Steingruebl wrote: SSH doesn't

Re: [cryptography] Tell Grandma to remember the Key ID and forget the phone number. [was: Re: Let's go back to the beginning on this]

2011-09-26 Thread ianG
On 26/09/11 20:28 PM, StealthMonger wrote: Drill Grandma on one thing: ...REMEMBER THE KEY ID. Actually, this is not only a reasonably interesting idea, it's part of the PKI model. If Grandma gets defrauded by a false cert, and wants some remedy, she has to identify who it was.

Re: [cryptography] SSL is not broken by design

2011-09-25 Thread ianG
of sites contexts) ... they won't work to make client certs better. All of this (again) aligns well with key continuity / pinning / and various other buzzwords. But, really, you have to try it. There's no point in talking about it. iang [0] Where, logged in means, is using an appropriate

Re: [cryptography] Nirvana

2011-09-24 Thread ianG
of this will destroy a number of myths about security and the Internet... iang [0] Dealing with phishing is all about risks, not about theoretical binary security thinking. For most part that's because the vendors have really not dealt with it, so the users have increased risks, and have

Re: [cryptography] Nirvana

2011-09-23 Thread ianG
it on to a single purpose machine. iang [0] Which I call high security. Banking I generally call medium security ... anything using web browsers isn't really serious IMHO. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net

Re: [cryptography] Security Pop-Up of the Day

2011-09-22 Thread ianG
key corresponding to this public key is capable of receiving email at the address, emails certificate it back to ostensible email address. Right, easy enough. What the CA would need to do is figure out a way to add some value to that process. Easy enough. iang

Re: [cryptography] Math corrections

2011-09-22 Thread ianG
not personal :) It's just business. You see the same effect of compliance in other industries, the famous example we talk about is Sarbanes-Oxley and securitization and the race to global bankruptcy :) x iang

Re: [cryptography] Math corrections

2011-09-21 Thread ianG
evidence of this in Chrome's CA pinning. iang [0] Gross or criminal negligence is that negligence found when they know they are wrong, or they should have known they are wrong. Or should know it means that they have the experience and interest to know

Re: [cryptography] Security Pop-Up of the Day

2011-09-21 Thread ianG
. Is it possible that nobody really wanted smime to work? iang

Re: [cryptography] SSL is not broken by design

2011-09-20 Thread ianG
original design-assumptions, whereas SSL was pretty much never used in accordance with its original design-assumptions. iang [0] This of course is the problem with designing for a problem you haven't any evidence of existence ;-) By the time you need the solution, it's been modified beyond

Re: [cryptography] SSL is not broken by design

2011-09-20 Thread ianG
; it didn't solve the real problem, but it itself wasn't much of an issue until attackers started embarrassing it by invading its design space with attacks. iang [0] that's a bit of a misnomer, even cryptographers warn the builders of crypto tools that on-off security doesn't exist. [1] So, SSL
