On Thu, Feb 10, 2005 at 06:24:46PM -0500, Steven M. Bellovin wrote:
One member of this mailing list, in a private exchange, noted that
he had asked his bank for their certificate's fingerprint. My
response was that I was astonished he found someone who knew what
he was talking about.
Anyone else actually know about these things?
On 2/10/05 7:48 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
david, thanks for your helpful analysis.
one thing i haven't been able to find is a description of how supernodes are
selected for a particular call.
(i'd assume they'd attempt
Steven M. Bellovin [EMAIL PROTECTED] writes:
Is a private root key (or the equivalent signing device) an asset that can be
acquired under bankruptcy proceedings? Almost certainly.
Absolutely certainly. Even before Baltimore, CA's private keys had been
bought and sold from/to third parties,
Steven M. Bellovin wrote:
Unusual CA? I'm not sure what a *usual* CA is.
Just for fun, I opened up the CA list that came with my copy of
Firefox. There are no fewer than 40 different entities listed, many of
whom have more than one certificate. I personally know less than half
of them to be
10 Feb 2005
Today, cryptographers Serge Mister and Robert Zuccherato from Entrust
released a paper outlining an attack on the way OpenPGP does symmetric
cryptography. They have been kind enough to give the OpenPGP community
advance notice of their
House backs major shift to electronic IDs
By Declan McCullagh
Story last modified Thu Feb 10 17:46:00 PST 2005
The U.S. House of Representatives approved on Thursday a sweeping set of
rules aimed at forcing states
On Fri, Feb 11, 2005 at 11:31:16AM -0500, Tim Dierks wrote:
On Thu, 10 Feb 2005 15:59:04 -0500, Victor Duchovni
[EMAIL PROTECTED] wrote:
If the symmetric cypher is fully re-keyed when sessions are resumed
while avoiding the fresh start PKI overhead, then life is simple
and sessions can be
[EMAIL PROTECTED] said:
This subject came up before.
ah, yes, in various forms.
The refs in that paper lead to this, fwiw..
The Washington Post
Break-In At SAIC Risks ID Theft
Computers Held Personal Data on Employee-Owners
By Griff Witte
Washington Post Staff Writer
Saturday, February 12, 2005; Page E01
Some of the
www.sfgate.com Return to regular view
Fighting Net crime with code
Surge in phishing e-mails to take spotlight at cryptography conference
- Carrie Kirby, Chronicle
Has anyone got any experience or tips on critical
bits in certificates? These are bits that can be
set in optional records that a certificate creator
puts in there to do a particular job. The critical
bit says don't interpret this entire certificate
if you don't understand this record.
Posted on Mon, Feb. 14, 2005
NSA May Be 'Traffic Cop' for U.S. Networks
WASHINGTON - The Bush administration is considering making the National
Making your IM secure--and deniable
By Robert Lemos
Story last modified Mon Feb 14 17:05:00 PST 2005
SAN FRANCISCO--When you hit the Send button on an instant message, do you
really know who is on the other end?
'Trustworthy' Computing Now Gates' Focus
1 hour, 21 minutes ago
By MATTHEW FORDAHL, AP Technology Writer
SAN JOSE, Calif. - Microsoft Corp. co-founder Bill Gates (news - web
From Bruce Schneier's weblog:
# SHA-1 has been broken. Not a reduced-round version. Not a simplified
# version. The real thing.
# The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly
# from Shandong University
Schneier on Security
A weblog covering security and security technology.
« RSA Conference | Main
February 15, 2005
SHA-1 has been broken. Not a reduced-round version. Not a simplified
According to Bruce Schneier's blog
team has found collisions in full SHA-1. It's probably not a practical
threat today, since it takes 2^69 operations to do it and we haven't
heard claims that NSA et al. have built massively
Barry Shein [EMAIL PROTECTED] writes:
Eventually email will just collapse (as it's doing) and the RBOCs et al will
inherit it and we'll all be paying 15c per message like their SMS services.
And the spammers will be using everyone else's PC's to send out their spam, so
the spam problem will
Mail list logo