Ed Gerck wrote:
Depends on your use. An X.509 identity cert or a PGP cert
can be made as secure as you wish to pay for. The real
question, however, that is addressed by the paper is
how useful are they in terms of email security? How do
you compare them and which one or which product to
- Original Message -
From: Jörn Schmidt [EMAIL PROTECTED]
Subject: Re: Countries that ban the use of crypto?
[China bans cryptography]
I'm not going to out anyone on this, but even a quick search of Skype finds
quite a few individuals who make use of cryptography in China. So I
JXrn Schmidt [EMAIL PROTECTED] writes:
However, there are only two countries, to the best of my knowledge, that
outright ban cryptography: Russia and China. And even that's only a de-facto
ban since both only require individuals to obtain a license to use
cryptography in any way, shape or form.
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat should
resist every probable storm, and if it does not it
is a bad boat, an encryption system should resist
every real threat, and if it does not it is a bad
Lee Parkes [EMAIL PROTECTED] writes:
A colleague of mine is locked in a battle with a client about the use of NULL
ciphers for OpenSSL. The client claims that he has/wants to allow NULL
ciphers so that people in countries that ban the use of crypto can still use
the website. My colleague wants to
At 08:05 PM 12/2/2005, [EMAIL PROTECTED] wrote:
You know, I'd wonder how many people on this
list use or have used online banking.
I've used it for about a decade at my credit union,
and I've had my paychecks deposited directly for decades.
There are things I absolutely won't do,
like have a
James A. Donald [EMAIL PROTECTED] writes:
... email should be sent by a direct connection from the client to
the recipient mail server, rather than this store and forward crap.
This would eliminate the only available technique for strong anonymity
or pseudonymity. Strong anonymity or
Does anyone here have any links to voting system designs that use
cryptography to achieve their goals? I'm curious what could be
achieved in that direction.
http://www.lightconsulting.com/~travis/ -- Knight of the Lambda Calculus
We already have enough fast, insecure systems. -- Schneier
From: Ed Gerck [EMAIL PROTECTED]
Depends on your use. An X.509 identity cert or a PGP
cert can be made as secure as you wish to pay for.
Many users are already using MUAs that check signatures.
Why are phishing targets not already using signed mail?
I conjecture that
[From Computerworld - see
Security firm detects IM bot that chats with you
Bot replies with messages such as 'lol no its
not its a virus'
Anne Lynn Wheeler wrote:
i've periodically written on security proportional to risk ... small sample
introductioin of PKI and certificates in such an environment may
actually create greater vulnerabilities ... since it may convince the
Ed Gerck wrote:
Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the threat model
considered in the CPS.
but that is one of the points of the article that as you automate more
things you have to be extra careful
Mail list logo