On 08/04/14 11:46, ianG wrote:
We have here a rare case of a broad break in a security protocol leading
to compromise of keys.
Though it's an implementation break, not a protocol break.
___
cryptography mailing list
cryptography@randombit.net
On 08/04/14 11:46, ianG wrote:
We have here a rare case of a broad break in a security protocol leading
to compromise of keys.
On 2014-04-09 21:53, Alan Braggins wrote:
Though it's an implementation break, not a protocol break.
Not exactly. The protocol failed to define a response to
On 04/10/2014 12:29 AM, James A. Donald wrote:
On 08/04/14 11:46, ianG wrote:
We have here a rare case of a broad break in a security protocol leading
to compromise of keys.
On 2014-04-09 21:53, Alan Braggins wrote:
Though it's an implementation break, not a protocol break.
Not
On Apr 9, 2014, at 4:41 PM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote:
I figure there are some protocol design lessons maybe. There's
a thread started on the TLS list about it today. [2] Be interesting
to see what that turns up.
There is actually a second thread on the TLS list today
On 7/04/2014 22:53 pm, Edwin Chu wrote:
Hi
A latest story for OpenSSL
http://heartbleed.com/
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library. This weakness allows stealing the
information protected, under normal
On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote:
While everyone's madly rushing around to fix their bitsbobs, I'd
encouraged you all to be alert to any evidence of *damages* either
anecdotally or more firm. By damages, I mean (a) rework needed to
secure, and (b) actual breach into sites
Message du 08/04/14 18:44
De : ianG
E.g., if we cannot show any damages from this breach, it isn't worth
spending a penny on it to fix! Yes, that's outrageous and will be
widely ignored ... but it is economically and scientifically sound, at
some level.
So, let's wait until another 40
On Tue, Apr 08, 2014 at 01:12:25PM -0400, Jonathan Thornburg wrote:
On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote:
While everyone's madly rushing around to fix their bitsbobs, I'd
encouraged you all to be alert to any evidence of *damages* either
anecdotally or more firm. By
On Tue, Apr 8, 2014 at 3:18 PM, tpb-cry...@laposte.net wrote:
Message du 08/04/14 18:44
De : ianG
E.g., if we cannot show any damages from this breach, it isn't worth
spending a penny on it to fix! Yes, that's outrageous and will be
widely ignored ... but it is economically and
On Tue, Apr 8, 2014 at 6:46 AM, ianG i...@iang.org wrote:
On 7/04/2014 22:53 pm, Edwin Chu wrote:
...
E.g., if we cannot show any damages from this breach, it isn't worth
spending a penny on it to fix! Yes, that's outrageous and will be
widely ignored ... but it is economically and
Message du 08/04/14 21:42
De : ianG
A : tpb-cry...@laposte.net, cryptogra...@metzdowd.com,
cryptography@randombit.net
Copie à :
Objet : Re: [Cryptography] The Heartbleed Bug is a serious vulnerability in
OpenSSL
On 8/04/2014 20:18 pm, tpb-cry...@laposte.net wrote:
Message du 08/04
On 8/04/2014 20:33 pm, Nico Williams wrote:
On Tue, Apr 08, 2014 at 01:12:25PM -0400, Jonathan Thornburg wrote:
On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote:
While everyone's madly rushing around to fix their bitsbobs, I'd
encouraged you all to be alert to any evidence of *damages*
On 8/04/2014 21:02 pm, tpb-cry...@laposte.net wrote:
You said you control a quite famous bug list.
Not me, you might be thinking of the other iang?
I should not ask this here, but considering the situation we found ourselves
regarding encryption infrastructure abuse from the part of US
we should probably stop keeping secrets on the internet. (snark snark)
marc
On Tue, Apr 8, 2014 at 3:17 PM, ianG i...@iang.org wrote:
On 8/04/2014 21:02 pm, tpb-cry...@laposte.net wrote:
You said you control a quite famous bug list.
Not me, you might be thinking of the other iang?
I
14 matches
Mail list logo