James A. Donald wrote:
But does not, in fact, prevent.
Let me rephrase that. Are we now at a point where we must admit that
PKI isn't going to happen for the Web and that we therefore must face
the rewriting of an unknown (but presumably large) number of lines of
code to accommodate PSKs?
Simon Josefsson wrote:
Btw, could you describe the threat scenario where you believe this
test would be useful?
Well, that's an interesting question. I have to admit that I am no
longer sure there is any point. If people do an appropriate number of
rounds of Miller-Rabin whenever they're
Werner Koch writes:
On Mon, 29 Aug 2005 17:32:47 +0200, Simon Josefsson said:
which are Fermat pseudoprime in every base. Some applications,
e.g. Libgcrypt used by GnuPG, use Fermat tests, so if you have control
of the random number generator, I believe you could make
At 9:39 AM +0200 9/1/05, Stephan Neuhaus wrote:
Are we now at a point where we must admit that PKI isn't going to happen
s/happen/happen in a widely useful fashion/
for the Web
s/Web/Web and email/
and that we therefore must face the rewriting of an unknown (but
presumably large)
If I may inject my humble opinion (that isn't necessarily a response to
this particular email), I may not be as informed as some but
While I admit that PKI is flawed, I don't see any way that PSK could
be used effectively.
How are PSKs going to be shared in a secure way?
are we talking about
Alaric Dailey wrote:
If I may inject my humble opinion (that isn't necessarily a response to
this particular email), I may not be as informed as some but
While I admit that PKI is flawed, I don't see any way that PSK could be used
effectively.
How are PSKs going to be shared in a secure