Ron Garret writes:
> The whole idea of an expiration date (rather than an issue date)
> on a certificate is a sort of a scam by the CAs to coerce people
> into renewing (and hence paying for) their certificates on a regular
> schedule. I think some CAs don’t even enforce the use of a new key
>
John R. Levine writes:
> >But all of this is rather a moot point nowadays. Now that letsencrypt is
> >live, there is no reason to pay for a cert any more.
>
> Try getting a let's encrypt cert for your mail server. Or getting an EV
> cert.
EV certs are definitely not available from Let's
Lee writes:
On 3/21/15, Jeffrey Goldberg jeff...@goldmark.org wrote:
[Apologies for quoting badly]
No! A thousand times no.
(1) the file isn't secret
But the fact that I'm using it as my one-time pad is. Why isn't that
good enough?
If an attacker has access to the same web sites
/in-shuffling-cards-7-is-winning-number.html
--
Seth David Schoen sch...@loyalty.org | No haiku patents
http://www.loyalty.org/~schoen/| means I've no incentive to
FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150 |-- Don Marti
Lodewijk andré de la porte writes:
I don't see how it could reduce the randomness to XOR with patterned data.
If someone knows better of this, let me know. If I'm correct that also
means it should be okay to reuse the few KB's should they ever run out (in
this system), at worst it no longer
not an indication of security.
There are many potential vulnerabilities resulting from bad randomness;
it is important to thoroughly test every component of a random-number
generator, not merely to look for certain types of extreme failures.
--
Seth David Schoen sch...@loyalty.org | No haiku
James A. Donald writes:
Although websites often use huge numbers of huge cookies, one can
easily optimize one's cookie use. I can see no reason why anyone
would ever need more than a single 96 bit cookie that is a random
number.
They might want to make the content and purpose of the cookie
Jeffrey Walton writes:
What is the state of the art for mobile password cracking on iOS and Android?
I'm not sure if you're thinking primarily of the operating-system level
passwords or third-party crypto apps.
Dmitry Sklyarov (the same Dmitry Sklyarov) gave an interesting talk at
BlackHat
isn't
exercising.
--
Seth David Schoen sch...@loyalty.org | No haiku patents
http://www.loyalty.org/~schoen/| means I've no incentive to
FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150 |-- Don Marti
___
cryptography mailing list
Ben Laurie writes:
How will the opt-out mechanism work so that it is not degraded by users
clicking through a warning?
Don't quite understand the question: if you have opted out you
shouldn't get a warning, surely?
I think that question was about unilateral client-side opt-out (users
Arshad Noor writes:
I'm not sure I understand why it would be helpful to know all (or any)
intermediate CA ahead of time. If you trust the self-signed Root CA,
then, by definition, you've decided to trust everything that CA (and
subordinate CA) issues, with the exception of revoked
Andy Steingruebl writes:
They used to be quite common, but other than 1 or 2 sites I visit
regularly that I know have self-signed certs, I *never* run into cert
warnings anymore. BTW, I'm excluding mixed content warnings from
this for the moment because they are a different but related issue.
Randall Webmail writes:
From: Seth David Schoen sch...@eff.org
To: Crypto discussion list cryptography@randombit.net
Sent: Tuesday, September 13, 2011 2:31:59 PM
Subject: Re: [cryptography] Let's go back to the beginning on this
HTTPS Everywhere makes users encounter this situation more
Ralph Holz writes:
Yes, with the second operation offline and validating against the NSS
root store. I don't have a MS one at the moment, it would be interesting
(how do you extract that from Win? The EFF guys should know)
You might look at
potentially discover
or collect. It also means that an individual user who knows what
public-key cryptography is can potentially do something to determine
whether an alleged key is valid.
--
Seth David Schoen sch...@loyalty.org | No haiku patents
http://www.loyalty.org/~schoen
Unlike a human-operated probate court, the Bitcoin network has no
notion of intestacy or escheat. If it becomes clear that some coins
can never ever be claimed, well, wasn't that testator odd to do that?
--
Seth David Schoen sch...@loyalty.org | No haiku patents
http://www.loyalty.org