This year's Crypto conference is in Santa Barbara August 17-21. The early
registration deadline is July 14th. Full program information is available
at http://www.iacr.org/conferences/crypto2003/2003Program.html .
It'll be great, both technically and socially!
regards,
Greg.
(General Chair)
Gre
Adam Fields said:
> On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote:
>> Regarding the usefulness of SSLbar itself, its immediate purpose was
>> fingerprint display, as a (theoretically) easy means of checking a
>> cert't validity yourself, ...
>
> Maybe this is a stupid question, but exa
Marc Branchaud wrote:
>
> Ian Grigg wrote:
> >
> > Tying the certificate into the core crypto protocol seems to be a
> > poor design choice; outsourcing any certification to a higher layer
> > seems to work much better out in the field.
>
> I'll reserve judgement about the significance of SSLBar
--
On 2 Jul 2003 at 6:04, [EMAIL PROTECTED] wrote:
> If you can't get/verify the fingerprint at least once via
> another channel, you can't use SSLbar to verify the cert.
> About the best you can do is ensure that you're seeing the
> same fingerprint every time you visit the site.
In practic
On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote:
>
> In practice, if people were able to ensure they saw the same
> cert every time they hit what is purportedly the same site,
> this would take out most scams.
What's wrong with the ssh known-hosts approach, for this? Do sites
cha