> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Peter Saint-Andre
> Sent: Wednesday, August 24, 2005 4:56 PM
> To: cryptography@metzdowd.com
> Subject: Re: Another entry in the internet security hall of shame
>
>
> Tim Dierks wrote:
> > [resendin
* R. A. Hettinga quotes:
> Today RSA is perhaps best known for staging a prestigious annual security
> conference and for selling 20 million little devices that display a
> six-digit code computer users must type to gain access to computer
> networks. The code, which changes every minute as de
On 8/25/05, Trei, Peter <[EMAIL PROTECTED]> wrote:
> Self-signed certs are only useful for showing that a given
> set of messages are from the same source - they don't provide
> any trustworthy information as to the binding of that source
> to anything.
Which is just fine. Pseudonymity is good.
At 9:42 AM -0400 8/25/05, Trei, Peter wrote:
>Self-signed certs are only useful for showing that a given
>set of messages are from the same source - they don't provide
>any trustworthy information as to the binding of that source
>to anything.
Oddly enough, the same could be said for a hierarchica
Trei, Peter wrote:
Ironically, Peter's message above kicked off warning
dialogs from MS Outlook, since it was signed using a keypair
signed with Peter's own self-signed root, which was not in
MSO's list of trusted roots.
You may trust CAcert's root more or less than a root that is trusted by
Trei, Peter wrote:
Self-signed certs are only useful for showing that a given
set of messages are from the same source - they don't provide
any trustworthy information as to the binding of that source
to anything.
Perfectly acceptable over chat, no? That is,
who else would you ask to confirm
Tim Dierks wrote:
[resending due to e-mail address / cryptography list membership issue]
On 8/24/05, Ian G <[EMAIL PROTECTED]> wrote:
Once you've configured iChat to connect to the Google Talk service, you may
receive a warning message that states your username and password will be
transferred
Ian G <[EMAIL PROTECTED]> writes:
> Trei, Peter wrote:
>
>> Self-signed certs are only useful for showing that a given
>> set of messages are from the same source - they don't provide
>> any trustworthy information as to the binding of that source
>> to anything.
>
> Perfectly acceptable over chat
Trei, Peter wrote:
> Ironically, Peter's message above kicked off warning
> dialogs from MS Outlook, since it was signed using a keypair
> signed with Peter's own self-signed root, which was not in
> MSO's list of trusted
> roots.
>
> Self-signed certs are only useful for showing that a given
> s