Re: [cryptography] Bonding or Insuring of CAs?

2013-01-26 Thread ianG
Top-posting and +1ing on a few responses. Two points, on pedagogy, and grounding. Pedagogy. In cryptography, we teach people to analyse existing algorithms and systems, before attempting to build their own. This really takes a long time, years or a decade. We don't expect junior cryptog

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-26 Thread ianG
On 26/01/13 01:25 AM, Jeffrey Walton wrote: Hi All, Is there any bonding of CAs? Do any browsers or other relying parties require it? EV requires insurance, but the description was originally a little convoluted. In essence it could be summarised "unless one is Symantec nee Verisign, a tok

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-26 Thread James A. Donald
On 2013-01-26 8:31 AM, Paul Hoffman wrote: Since there isn't a strong list moderator here, I gotta ask: is this (and similar PKIX-is-broken threads) on-topic for this mailing list? Regardless of how much I agree with the sentiment, it seems to have nothing to do with cryptography. Maybe someon

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Natanael
Well, are there more people here who want a more strict crypto only list than those who want a more "generic" one? Would we set stricter rules here, or would there have to be a split? If there would be a split, are there enough of those who want a stricter list to start a new list and keep it going

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread rex
Peter Gutmann [2013-01-25 17:04]: I'd say it is. Despite the title, it's a general-purpose security list, the logical successor to Perry's list for which the topic was "anything Perry finds interesting", so I'd say non-pure-crypto discussions are very much OK. In fact a pure-crypto list would g

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Adam Back
I had the impression this list and its predecessor moderated (too heavily IMO) by Perry were primarily about applied crypto. So you get to tolerate a bit of applied crypto security stuff if you're interested in crypto theory and vice versa. Seems healthy to me (cross informs both camps). In term

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Peter Gutmann
Paul Hoffman writes: >Since there isn't a strong list moderator here, I gotta ask: is this (and >similar PKIX-is-broken threads) on-topic for this mailing list? I'd say it is. Despite the title, it's a general-purpose security list, the logical successor to Perry's list for which the topic was

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Paul Hoffman
On Jan 25, 2013, at 4:11 PM, Natanael wrote: > If somebody wants there to be a pure cryptography mailing list and separate > more generic one (like this one currently is), I think that person would have > to try starting a more strict crypto mailing list, because I don't think most > people he

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Natanael
On topic for the thread: I don't *think* there's currently any insurance companies with special policies for CA:s. There might be about 600 organizations that can issue SSL certs according to EFF, but there's more insurance companies than that in the world. Most of them probably don't have many CA:

Re: [cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Paul Hoffman
Since there isn't a strong list moderator here, I gotta ask: is this (and similar PKIX-is-broken threads) on-topic for this mailing list? Regardless of how much I agree with the sentiment, it seems to have nothing to do with cryptography. Maybe someone should set up a post-pki mailing list for s

[cryptography] Bonding or Insuring of CAs?

2013-01-25 Thread Jeffrey Walton
Hi All, Is there any bonding of CAs? Do any browsers or other relying parties require it? Recall the first thing Diginotar did upon its failure was declare bankruptcy. I believe that likely relieved the company of most of its fiduciary responsibilities laid out in its CPS. Two things drop out: (1